hats-finance / SafeStaking-by-HOPR-0x607386df18b663cf5ee9b879fbc1f32466ad5a85

HOPR is an open incentivized mixnet which enables privacy-preserving point-to-point data exchange. HOPR is similar to Tor but actually private, decentralized and economically sustainable.
https://hoprnet.org
GNU General Public License v3.0

Constant keccak should be immutable #33

Open hats-bug-reporter[bot] opened 1 year ago

hats-bug-reporter[bot] commented 1 year ago

GitHub username: --

Submission hash (on-chain): 0x6959e15452f5e8f1bac654463d2ec1022d095606de21b36549737603fa5e8569

Severity: low

Description

In Solidity, constant keccak variables are treated as expressions, not constants.

Attack Scenario

Standard Solidity practice is to perform all hashing assignments in the constructor; otherwise the keccak256 operation is performed whenever the variable is used.

Attachments

https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/Channels.sol#L94

Recommendation

Declare TOKENS_RECIPIENT_INTERFACE_HASH as immutable and carry out the hashing assignment at time of deployment through the constructor.

-    bytes32 public constant TOKENS_RECIPIENT_INTERFACE_HASH = keccak256("ERC777TokensRecipient");

+    bytes32 public immutable TOKENS_RECIPIENT_INTERFACE_HASH;
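
Review bot: the added `immutable` declaration has no initializer, and the hunk contains no constructor change that assigns it, so as posted TOKENS_RECIPIENT_INTERFACE_HASH never receives keccak256("ERC777TokensRecipient"). The patch should include the constructor line `TOKENS_RECIPIENT_INTERFACE_HASH = keccak256("ERC777TokensRecipient");` alongside the declaration change. The value comes from a fixed string literal and depends on no deployment parameter, so the description should also state why `immutable` is preferred over `constant` for it.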

QYuQianchen commented 1 year ago

Invariants should be constant