code-423n4 / 2022-09-party-findings


Hash result truncation #336

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/PartyDAO/party-contracts-c4/blob/d129d647796369a18e30b336e74e7d1bfc779597/contracts/crowdfund/Crowdfund.sol#L322
https://github.com/PartyDAO/party-contracts-c4/blob/d129d647796369a18e30b336e74e7d1bfc779597/contracts/distribution/TokenDistributor.sol#L390

Vulnerability details

Description

There is a function _hashFixedGovernanceOpts in the Crowdfund contract and a function _getDistributionHash in the TokenDistributor contract. The first one truncates the hash result to 16 bytes, the second to 15 bytes.

Impact

It is possible to find a collision for such a truncated hash using an algorithm with O(2^(hash_bitlength/2) * T) time complexity, where T is the complexity of the hash calculation (according to the Birthday Problem). And it will not cost too much money, given current hash computing power. So usage of such a hash function is not safe at all.

Recommended Mitigation Steps

Don't truncate the hash result so much. Ideally, use all 32 bytes of the hash result.
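An added illustration of the birthday bound the finding relies on, not code from the report or the Party contracts: it computes the expected work for the 16-byte, 15-byte and full 32-byte cases, and finds a collision on a 3-byte truncation to show the bound in practice. It assumes a stand-in hash (hashlib.sha3_256 rather than Solidity's keccak256, which differs only in padding) and constructed counter inputs; the bound depends only on the truncated output length.

```python
import hashlib
import math
from typing import Optional, Tuple

def birthday_work(nbytes: int) -> float:
    """Expected number of hash evaluations before a collision appears on a hash
    truncated to `nbytes` bytes: sqrt(pi/2 * 2^bits), i.e. about 2^(bits/2)."""
    bits = 8 * nbytes
    return math.sqrt(math.pi / 2 * 2 ** bits)

def log2_birthday_work(nbytes: int) -> float:
    """Same estimate expressed as a power of two (16 bytes -> ~2^64, 32 bytes -> ~2^128)."""
    return math.log2(birthday_work(nbytes))

def truncated_hash(data: bytes, nbytes: int) -> bytes:
    """Stand-in for the contracts' truncated keccak256: hash, then keep `nbytes` bytes.
    sha3_256 is used here (assumption); the collision bound is the same for keccak256."""
    return hashlib.sha3_256(data).digest()[:nbytes]

def find_collision(nbytes: int, max_tries: int = 1 << 24) -> Optional[Tuple[bytes, bytes, int]]:
    """Birthday search: hash distinct constructed inputs until two share a truncated
    digest. Returns (input_a, input_b, tries) or None if max_tries is exhausted."""
    seen = {}  # truncated digest -> first input that produced it
    for i in range(max_tries):
        msg = i.to_bytes(8, "big")  # constructed input: an 8-byte counter
        h = truncated_hash(msg, nbytes)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None

if __name__ == "__main__":
    for n in (15, 16, 32):
        print(f"{n}-byte truncation: ~2^{log2_birthday_work(n):.1f} hash evaluations")
    a, b, tries = find_collision(3)
    print(f"3-byte truncation: collision after {tries} hashes "
          f"(expected ~{birthday_work(3):.0f})")
```

On a 3-byte (24-bit) truncation the search finishes in a few thousand hashes, matching the sqrt(pi/2 * 2^24) estimate; the same scaling gives roughly 2^60 and 2^64 for the 15- and 16-byte truncations versus 2^128 for the full digest.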

merklejerk commented 1 year ago

Duplicate of #231