Open hats-bug-reporter[bot] opened 1 week ago
This submission is invalid.
The use of abi.encodePacked
here is correct - this is how the CREATE2
address derivation is specified. Note that none of the parameters to abi.encodePacked
are dynamic types:
hex"ff"
is a bytes1
which is not dynamic and has a static size of 1address(this)
is an address
which is not dynamic and has a static size of 20bytes32(0)
is a bytes32
which is not dynamic and has a static size of 32codeHash
is a bytes32
which is not dynamic and has a static size of 32
Github username: -- Twitter username: -- Submission hash (on-chain): 0xa6a3284659a5587ce0cf8e25c0a192477e4f6047474707d2241935f16754f2c3 Severity: low
Description: Description\ Use
abi.encode()
instead which will pad items to 32 bytes, which will prevent hash collisions (e.g.abi.encodePacked(0x123,0x456)
=>0x123456
=>abi.encodePacked(0x1,0x23456)
, butabi.encode(0x123,0x456)
=>0x0...1230...456
). "Unless there is a compelling reason,abi.encode
should be preferred". If there is only one argument toabi.encodePacked()
it can often be cast tobytes()
orbytes32()
instead. If all arguments are strings and or bytes,bytes.concat()
should be used insteadInstances (3):