Open hats-bug-reporter[bot] opened 3 weeks ago
encodepacked can only create a collision if the inputs are of variable length. In our case, all inputs are of fixed length, thus using encodepacked is appropriate.
If you believe you found a collision with elements of fixed lengths, please provide an example of such collision.
Github username: @giorgiodalla Twitter username: 0xAuditism Submission hash (on-chain): 0xbef0ce7be7040f401c937c1675d9770b6585ecfb13cc3d8ab89bbc049cfecdd2 Severity: low
Description: Description\
The usage of keccak256 hshing and abo.encodepacked may lead to hash collision. It is best to use abi.encode instead
Attack Scenario\ ecery hash has to be unique, collision is critical
Attachments
https://github.com/hats-finance/Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0/blob/1632b61bf2c3104916b9c501a0af65d0502dfc4c/contracts/CrossChainProofOfHumanity.sol#L268-L270