EIP-712 domain separator missing chainId

Chainlink CCIP's assessment for RD-F-020 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

ManyChainMultiSig uses custom domain separators (MANY_CHAIN_MULTI_SIG_DOMAIN_SEPARATOR_OP and _METADATA) via keccak256() not standard EIP-712. chainId is embedded in operation metadata but not in a formal EIP-712 domain separator struct. Internal.sol message hash constants (ANY_2_EVM_MESSAGE_HASH, EVM_2_ANY_MESSAGE_HASH) are static strings without chainId — cross-chain messages are intentionally cross-chain so EIP-712 with chainId is inapplicable to message hashing, but the governance message signing in MCMS should ideally follow EIP-712.

Sources #

GitHub
ManyChainMultiSig.sol — custom domain separator, not EIP-712ManyChainMultiSig.sol — non-EIP-712 domain separatorsretrieved 2026-05-16
GitHub
Internal.sol — ANY_2_EVM_MESSAGE_HASH without EIP-712 chainId domainInternal.sol — static message hash constants without chainId in domainretrieved 2026-05-16

Methodology #

Determine whether the EIP-712 domain separator struct omits the `chainId` field, allowing cross-chain replay.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-020 score yellow collected_at 2026-05-16 01:55:09