Using abi.encodePacked() with multiple variable length arguments can, in
certain situations, lead to a hash collision.
Attack Scenario
Attachments
Proof of Concept (PoC) File
The _campaignId is created by taking a keccak256 hash of abi.encodePacked output over several variables of varying length, which creates a hash collision risk.
Revised Code File (Optional)
Instead of using encodePacked consider using abi.encode:
function _campaignId(CreateBundle memory _bundle) internal pure returns (bytes32) {
return keccak256(
Github username: @@giorgiodalla
Twitter username: 0xAuditism
Submission hash (on-chain): 0x177186b298be83ff6acd1a83834eecdb5c5f88936f77bb81d482b5f609c2633a
Severity: low
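Why the packed form collides and abi.encode does not, as an added example that is not part of the submission or the project's code: a Python model of both encodings for dynamic `string` arguments. It compares the keccak256 preimages directly (identical preimages always hash to the same value); the two-string input and the sample values are assumptions, since the report does not list the fields that feed `_campaignId`.

```python
# Added illustration: models how Solidity lays out dynamic `string` arguments
# under abi.encodePacked and abi.encode. Sample values are constructed.

def encode_packed(*args: str) -> bytes:
    """abi.encodePacked: raw bytes of each string, no length, no padding."""
    return b"".join(a.encode() for a in args)

def _word(n: int) -> bytes:
    """One 32-byte big-endian ABI word."""
    return n.to_bytes(32, "big")

def _pad32(data: bytes) -> bytes:
    """Right-pad with zero bytes to a multiple of 32."""
    return data + b"\x00" * (-len(data) % 32)

def encode_standard(*args: str) -> bytes:
    """abi.encode: a head of 32-byte offsets, then per argument a 32-byte
    length word followed by the zero-padded data."""
    tails = [_word(len(a.encode())) + _pad32(a.encode()) for a in args]
    head, offset = b"", 32 * len(args)
    for tail in tails:
        head += _word(offset)      # where this argument's tail starts
        offset += len(tail)
    return head + b"".join(tails)

def boundary_shifts(a: str, b: str) -> list:
    """Every other way to split a+b into two strings. Each split has the
    same packed preimage as (a, b), so the same keccak256 hash."""
    joined = a + b
    return [(joined[:i], joined[i:])
            for i in range(len(joined) + 1) if joined[:i] != a]

def preimages_collide(encoder, x: tuple, y: tuple) -> bool:
    """True when two distinct inputs encode to identical bytes."""
    return x != y and encoder(*x) == encoder(*y)

if __name__ == "__main__":
    original = ("ab", "c")         # constructed sample inputs
    for other in boundary_shifts(*original):
        print(other,
              "packed collides:", preimages_collide(encode_packed, original, other),
              "abi.encode collides:", preimages_collide(encode_standard, original, other))
```
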