Open hats-bug-reporter[bot] opened 1 week ago
Need more context, How would this affect the inscope contracts?
Taking into account that SAFE uses the same SLOT and at the moment in both versions, and they have never had an exploit related to this, I consider it invalid
if you have PoC for this explot pls give us more context!!!
Github username: -- Twitter username: -- Submission hash (on-chain): 0xfb210fffd527b5bf6abef5de02919f255c4ac04ffc5f904e712e21ec6dae3cc4 Severity: medium
Description:
Description
Storage slots manually constructed using keccak hash of a string are prone to storage slot collision as the pre-images of these hashes are known. Attackers may find a potential path to those storage slots using the keccak hash function in the codebase and some crafted payload
Attachments
PoC
https://github.com/hats-finance/Palmera-0x5fee7541ddcd51ba9f4af606f87b2c42eea655be/blob/dfd821e2fd7825c66c079c19be9460238f6e045a/src/libraries/Constants.sol#L82-L84
Should be: