defirisk.co
rubric v1.7.0

EIP-712 domain separator missing chainId

Lombard Finance's assessment for RD-F-020 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

NativeLBTC and StakedLBTC inherit from BaseLBTC, which uses OpenZeppelin's (OZ) ERC20PermitUpgradeable (EIP-2612). OZ's EIP-712 implementation includes chainId in the domain separator by default, and OZ 5.0.2 always includes it, so there is no cross-chain replay risk from a missing chainId. Cross-chain message replay for bridge operations is handled at the BridgeV2/Consortium layer via separate message binding (not EIP-712). Confidence: medium. The domain separator was not directly inspected, but the OZ standard implementation is well-established.

Sources

  • GitHub
    NativeLBTC.sol source: NativeLBTC.sol inherits from BaseLBTC with ERC20PermitUpgradeable (OZ 5.0.2). Retrieved 2026-05-05.

Methodology

Determine whether the EIP-712 domain separator struct omits the `chainId` field, allowing cross-chain replay.
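
One way to inspect the domain directly instead of inferring it from the library version, as an added example (not defirisk.co's or Lombard's code): it decodes the return data of an ERC-5267 `eip712Domain()` call, which OZ 5.x's EIP712 implementation exposes, and flags a missing or mismatched chainId. The helper names are hypothetical, and the token name, address and return data are constructed samples.

```python
# Added example: check chain binding in a captured ERC-5267 eip712Domain() return value.
FIELD_BITS = ("name", "version", "chainId", "verifyingContract", "salt")  # ERC-5267 bit order

def _uint(data: bytes, word: int) -> int:
    return int.from_bytes(data[32 * word:32 * word + 32], "big")

def _string(data: bytes, offset: int) -> str:
    length = int.from_bytes(data[offset:offset + 32], "big")
    return data[offset + 32:offset + 32 + length].decode("utf-8")

def decode_domain(ret: bytes) -> dict:
    """Decode (bytes1,string,string,uint256,address,bytes32,uint256[]) return data."""
    if len(ret) < 7 * 32:
        raise ValueError("return data shorter than the 7-word ABI head")
    fields = ret[0]  # bytes1 is left-aligned in its 32-byte word
    return {
        "present": {n for bit, n in enumerate(FIELD_BITS) if fields >> bit & 1},
        "name": _string(ret, _uint(ret, 1)),
        "version": _string(ret, _uint(ret, 2)),
        "chainId": _uint(ret, 3),
        "verifyingContract": "0x" + ret[4 * 32 + 12:5 * 32].hex(),
    }

def chain_binding_findings(ret: bytes, expected_chain_id: int) -> list:
    domain, findings = decode_domain(ret), []
    if "chainId" not in domain["present"]:
        findings.append("chainId absent from domain: signatures replayable across chains")
    elif domain["chainId"] != expected_chain_id:
        findings.append(f"domain chainId {domain['chainId']} != expected {expected_chain_id}")
    if "verifyingContract" not in domain["present"]:
        findings.append("verifyingContract absent: signatures replayable across contracts")
    return findings

def build_sample(fields: int, name: str, version: str, chain_id: int, addr: str) -> bytes:
    """Construct ABI-encoded sample return data (test fixture, not real chain output)."""
    def enc_str(s):
        raw = s.encode()
        return len(raw).to_bytes(32, "big") + raw.ljust(-(-len(raw) // 32) * 32, b"\0")
    n, v = enc_str(name), enc_str(version)
    head = [bytes([fields]).ljust(32, b"\0"), (7 * 32).to_bytes(32, "big"),
            (7 * 32 + len(n)).to_bytes(32, "big"), chain_id.to_bytes(32, "big"),
            bytes.fromhex(addr[2:]).rjust(32, b"\0"), bytes(32),
            (7 * 32 + len(n) + len(v)).to_bytes(32, "big")]
    return b"".join(head) + n + v + bytes(32)  # trailing word: empty extensions array

ADDR = "0x" + "11" * 20  # constructed placeholder address
GOOD = build_sample(0x0F, "ExampleToken", "1", 1, ADDR)      # name|version|chainId|verifyingContract
NO_CHAIN = build_sample(0x0B, "ExampleToken", "1", 0, ADDR)  # chainId bit (0x04) cleared
```

In practice `ret` would be the raw bytes returned by an `eth_call` to the token's `eip712Domain()` on each chain where it is deployed, checked against that chain's ID.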


rubric_version: v1.7.0; protocol: lombard; factor: RD-F-020; score: green; collected_at: 2026-05-05 12:03:08