# Hashnote SDYC Audit - Round 2
> draft date: Apr 9
# Low
## [L02] fund admin can use `depositFromWithPermit` to deposit to arbitrary address
In `depositFromWithPermit`, the fund admin address can trigger a "deposit" if a user signs a permit signature. However, the recipient is chosen by the admin (msg.sender), not decided or signed by the user.
Given that the admin role already has a lot of power controlling the token balances, this doesn't pose additional risk to the users. However, it adds an unnecessary trust assumption in the deposit step and might make this function less useful.
**Suggestion**: consider removing the `recipient` input and just deposit to `from` to minimize trust assumptions. Or add another signature validation similar to "signed withdrawal".
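```solidity
function depositFromWithPermit(
    address _from,
    uint256 _amount,
    uint256 _deadline,
    uint8 _v,
    bytes32 _r,
    bytes32 _s
) external virtual nonReentrant returns (uint256) {
    _assertFundAdmin();
    // Use the user's ERC-2612 permit signature to approve this contract for `_amount` of the underlying.
    IERC20Permit(address(underlying)).permit(_from, address(this), _amount, _deadline, _v, _r, _s);
    // `_from` is passed for both address arguments, so the admin cannot pick a different recipient.
    return _depositFor(_from, _from, _amount);
}
```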
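The second option in the suggestion above, a recipient that the user signs, could be enforced with an EIP-712 check like the one below. This is an added example, not code from the audited repository: `DepositAuthVerifier`, the `DepositAuth` struct, `authNonces` and `_domainSeparator()` are hypothetical names, and the message layout is an assumption rather than the project's "signed withdrawal" format.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: every name in this contract is hypothetical.
abstract contract DepositAuthVerifier {
    // The user signs the recipient, so the fund admin cannot choose it.
    bytes32 internal constant DEPOSIT_AUTH_TYPEHASH = keccak256(
        "DepositAuth(address from,address recipient,uint256 amount,uint256 nonce,uint256 deadline)"
    );

    // Upper bound on s from EIP-2 (secp256k1n / 2); rejects malleable signatures.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // Per-user counter that makes each authorization single-use.
    mapping(address => uint256) public authNonces;

    // Assumed to be supplied by the token's existing EIP-712 domain logic.
    function _domainSeparator() internal view virtual returns (bytes32);

    function _verifyDepositAuth(
        address _from,
        address _recipient,
        uint256 _amount,
        uint256 _deadline,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) internal {
        require(block.timestamp <= _deadline, "auth expired");
        require(uint256(_s) <= HALF_N, "malleable signature");

        // The current nonce is hashed into the message and then incremented.
        bytes32 structHash = keccak256(
            abi.encode(DEPOSIT_AUTH_TYPEHASH, _from, _recipient, _amount, authNonces[_from]++, _deadline)
        );
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", _domainSeparator(), structHash));

        address signer = ecrecover(digest, _v, _r, _s);
        // ecrecover returns address(0) on failure, so reject it explicitly.
        require(signer != address(0) && signer == _from, "invalid signature");
    }
}
```

A variant of `depositFromWithPermit` that keeps a `_recipient` input would call `_verifyDepositAuth` after `_assertFundAdmin()` and before `_depositFor`, taking a second `(v, r, s)` triple alongside the permit signature.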
# Informational
## [I08]: `_computeDomainSeparator` uses version `2`
```solidity
return keccak256(
    abi.encode(
        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
        keccak256(bytes(name)),
        keccak256("2"), // here
        block.chainid,
        address(this)
    )
);
```
In ERC20, the domain separator is calculated with version `2`. This might not match what signers expect when producing EIP-712 signatures, particularly when a new contract is deployed. It would be cleaner to change it to `1`.