EIP-712 domain separator missing chainId
Superstate's assessment for RD-F-020 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
SuperstateToken.sol uses EIP-712 via the OpenZeppelin EIP712Upgradeable base contract (OZ v4.9.3, pinned at commit 3d4c0d57). OZ v4.9.3 EIP712Upgradeable correctly includes chainId in the domain separator by default. Audit-2 M-1 (permit compliance) was addressed. No cross-chain replay vulnerability was identified in the permit design.
Sources
- Audit: 0xMacro Superstate Audit 2. 0xMacro superstate-2 M-1: permit EIP-2612 compliance addressed in final commit 8bf5b29b7eb670778aeedd53342bbce4551b1385 (retrieved 2026-05-16)
- OZ upgradeable v4.9.3 commit (EIP712 with chainId): OZ upgradeable v4.9.3 commit 3d4c0d5741b131c231e558d7a6213392ab3672a5 - EIP712Upgradeable includes chainId (retrieved 2026-05-16)
Methodology
Determine whether the EIP-712 domain separator struct omits the `chainId` field, allowing cross-chain replay.
- rubric_version: v1.7.0
- protocol: superstate
- factor: RD-F-020
- score: green
- collected_at: 2026-05-16 00:06:37