# Tutorial 4: Block.chainid, DOMAIN\_SEPARATOR and EIP-2612 permit

{% hint style="info" %}
**Exploring Block.chainid and DOMAIN\_SEPARATOR Vulnerabilities in Ethereum Contracts:** An Auditor's Essential Guide. This comprehensive tutorial is specifically designed for blockchain auditors and Ethereum enthusiasts, focusing on potential vulnerabilities related to the misuse of block.chainid and DOMAIN\_SEPARATOR in Ethereum smart contracts. Real-world examples and best practices from respected libraries like OpenZeppelin are used to illustrate the potential pitfalls and provide effective strategies for mitigation. This guide serves as a valuable resource for understanding, identifying, and rectifying these often overlooked yet noteworthy security issues.
{% endhint %}

In Ethereum smart contracts, block.chainid and DOMAIN\_SEPARATOR are pivotal components for secure and accurate contract interactions. Mismanaging or incorrectly initializing them can introduce vulnerabilities into the smart contract system. These vulnerabilities become especially relevant in the event of a hard fork: when block.chainid changes, a previously computed DOMAIN\_SEPARATOR becomes invalid, which can lead to security breaches.

Issues concerning block.chainid and DOMAIN\_SEPARATOR have surfaced during smart contract audits and have been exposed in bug bounties, occasionally leading to notable security vulnerabilities. These instances underline the importance of a correct handling approach towards block.chainid and DOMAIN\_SEPARATOR to protect assets and maintain the contract's integrity.

In this tutorial, we will scrutinize the vulnerabilities associated with block.chainid and DOMAIN\_SEPARATOR. We will leverage real-world examples from audit findings to illuminate their potential impacts. Furthermore, we will delve into secure and efficient ways to handle these variables, utilizing trusted libraries such as OpenZeppelin for mitigation strategies. As we navigate this intricate subject, we will continually emphasize the importance of correct implementation to prevent the unintended consequences of incorrect usage.
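The hard-fork case described above, as an added example that is not code from this tutorial or from any audited project: a DOMAIN\_SEPARATOR fixed at deployment next to one that is recomputed when block.chainid no longer matches the cached value. The contract names and the "Example" / "1" domain fields are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Contract names and the "Example"/"1" domain values are hypothetical.
abstract contract DomainBase {
    bytes32 internal constant TYPE_HASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );

    // Builds the EIP-712 domain separator from the chain ID seen at call time.
    function _buildSeparator() internal view returns (bytes32) {
        return keccak256(
            abi.encode(
                TYPE_HASH,
                keccak256(bytes("Example")),
                keccak256(bytes("1")),
                block.chainid,
                address(this)
            )
        );
    }
}

// Weak: the separator is computed once in the constructor. After a fork that
// changes block.chainid, it still encodes the chain ID from deployment time.
contract CachedOnly is DomainBase {
    bytes32 public immutable DOMAIN_SEPARATOR;

    constructor() {
        DOMAIN_SEPARATOR = _buildSeparator();
    }
}

// Hardened: keep the cached value for gas savings, but rebuild the separator
// whenever the current chain ID differs from the one recorded at deployment.
contract CachedWithChainCheck is DomainBase {
    bytes32 private immutable _cachedSeparator;
    uint256 private immutable _cachedChainId;

    constructor() {
        _cachedChainId = block.chainid;
        _cachedSeparator = _buildSeparator();
    }

    function DOMAIN_SEPARATOR() public view returns (bytes32) {
        return block.chainid == _cachedChainId ? _cachedSeparator : _buildSeparator();
    }
}
```

When reviewing a permit implementation, check which of these two shapes the contract follows and whether every signature check reads the separator through the chain-aware accessor rather than a stored constant.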

