defirisk.co
rubric v1.7.0

EIP-712 domain separator missing chainId

Spiko's assessment for RD-F-020 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Token.sol uses ERC20PermitUpgradeable (EIP-2612). In OpenZeppelin (OZ) v5.x, ERC20PermitUpgradeable includes chainId in the domain separator by construction, per EIP-712. The contract is deployed across multiple EVM chains (Ethereum, Arbitrum, Polygon, Base); chainId in the domain separator prevents cross-chain replay.

Sources

  • GitHub
    Spiko Token.sol source: Token.sol ERC20PermitUpgradeable import - OZ v5.x includes chainId in domain separator (retrieved 2026-05-16)

Methodology

Determine whether the EIP-712 domain separator struct omits the `chainId` field, allowing cross-chain replay.
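
One way to run this check against a deployed token, as an added example that is not Spiko's or OpenZeppelin's code. It assumes the token exposes `DOMAIN_SEPARATOR()` (EIP-2612) and `eip712Domain()` (ERC-5267); the interface name `IPermitToken` and the contract name `ChainIdDomainCheck` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view of an EIP-2612 token that also implements ERC-5267 (assumed).
interface IPermitToken {
    function DOMAIN_SEPARATOR() external view returns (bytes32);
    function eip712Domain() external view returns (
        bytes1 fields, string memory name, string memory version,
        uint256 chainId, address verifyingContract, bytes32 salt,
        uint256[] memory extensions
    );
}

// Hypothetical checker contract, written for this example.
contract ChainIdDomainCheck {
    // Domain type string with chainId present, as defined by EIP-712.
    bytes32 private constant TYPE_HASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    // ERC-5267 `fields` bitmap: bit 2 (0x04) is set when chainId is a domain field.
    bytes1 private constant CHAIN_ID_BIT = 0x04;

    /// @return declared token reports chainId as a domain field and it equals this chain
    /// @return matches  DOMAIN_SEPARATOR() equals a recomputation that includes block.chainid
    function check(IPermitToken token) external view returns (bool declared, bool matches) {
        (bytes1 fields, string memory name, string memory version,
         uint256 chainId, address verifyingContract, , ) = token.eip712Domain();
        declared = (fields & CHAIN_ID_BIT) != bytes1(0) && chainId == block.chainid;
        matches = token.DOMAIN_SEPARATOR() == _separator(name, version, verifyingContract);
    }

    // Rebuilds the separator the way EIP-712 specifies when chainId is included.
    function _separator(string memory name, string memory version, address verifyingContract)
        internal view returns (bytes32)
    {
        return keccak256(abi.encode(
            TYPE_HASH, keccak256(bytes(name)), keccak256(bytes(version)),
            block.chainid, verifyingContract
        ));
    }
}
```

A token whose separator omits chainId returns `matches == false`, because its hash is built from a different type string and field set. Running the call on each chain where the token is deployed should yield a different `DOMAIN_SEPARATOR()` value per chain.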


rubric_version v1.7.0 protocol spiko factor RD-F-020 score green collected_at 2026-05-15 22:52:13