Open hats-bug-reporter[bot] opened 3 days ago
Its similar issue in Palmera contest is accepted as valid low
https://github.com/hats-finance/Palmera-0x5fee7541ddcd51ba9f4af606f87b2c42eea655be/issues/13
abi.encode
is not feasible here as it throws an EVM level error. The entire _getDeploymentData
returned value, although using dynamic types, is essentially of constant length. Users cannot influence it in any way. Additionally, atomWarden
is designed to practically never change, further mitigating the risk.
Github username: @Jelev123 Twitter username: zhulien_zhelev Submission hash (on-chain): 0x7499c3f4d678efb2a682d61428adf422dd2e2bd4e134870c9fa904bfb3cb3991 Severity: low
Description: Description\ From the solidity documentation: https://docs.soliditylang.org/en/v0.8.17/abi-spec.html?highlight=collisions#non-standard-packed-mode > If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") == abi.encodePacked("ab", "c").
Attack Scenario\ Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
return abi.encodePacked(code, encodedArgs);
both inputs are dynamic type inputs i.e bytesRecommendation
Use
abi.encode
or usebytes32
inputs