0xicingdeath
commented
2 years ago Hey @michprev, thanks for the catch! We updated the hash function we're using in #90, which has been merged to dev, so feel free to test out the changes there! We'll plan to add more tests on this before it's merged to the main branch and prior to the pip release.
In the Ethereum world, Keccak-256 usually refers to the original design of the Keccak-256 hash function, while SHA-3 refers to the modified version of Keccak-256 from NIST. Please see https://github.com/ethereumbook/ethereumbook/blob/develop/04keys-addresses.asciidoc#ethereums-cryptographic-hash-function-keccak-256.
That means that this line is using an incorrect hashing function. The correct implementation is provided by, for example, eth-hash (https://github.com/ethereum/eth-hash). https://github.com/crytic/solc-select/blob/1f72897dc890ce112da60cf1beebe6bee749ec2f/solc_select/solc_select.py#L110
The reason why checksum verification succeeds is that both hashes (SHA-256 and Keccak-256) need to be incorrect to raise an exception: https://github.com/crytic/solc-select/blob/1f72897dc890ce112da60cf1beebe6bee749ec2f/solc_select/solc_select.py#L120-L123