CRYP70
medium
The _validateSigner()
function is used when calling resolveQueuedTrades()
and unlockOptions()
however, the chain id is not specified when attempting to validate the signature.
There is no chain id in the signed data.
If a user calls a function which uses the _validateSigner()
function while using the incorrect network, the attacker can replay the act on the correct chain to cause unexpected results.
Manual Review
Consider including block.chainId
in the hashed content.