hats-finance / Thorn-protocol-0x1286ecdac50215a366458a14968fbca4bd95067d

GNU General Public License v3.0
Using abi.encodePacked can lead to hash collisions #56

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: --

Twitter username: --

Submission hash (on-chain): 0xa274005579d87c1fa724917eacb5ac328cbfe94f52a872fb55bb46cc4b0df23b

Severity: low

Description:

LP and stableswap factories use abi.encodePacked which can lead to collisions.

Attack Scenario:

From solidity docs:

If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") == abi.encodePacked("ab", "c").

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional) Use abi.encode instead of abi.encodePacked

omega-audits commented 1 month ago

From the solidity docs:

and both a and b are dynamic types,
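Added example (not part of the issue thread or the project's code): a Python model of the two encodings discussed above, showing the docs' collision for two strings and why it depends on both arguments being dynamic. The helper names and sample addresses are constructed for illustration; comparing the encoded bytes stands in for comparing keccak256 hashes, since identical preimages always hash identically.

```python
# Models Solidity's encodings for a pair of values. Only `string` and
# `address` are modelled; every input below is a constructed sample.

def _pad32(data):
    """Right-pad to a multiple of 32 bytes, as abi.encode does for dynamic data."""
    return data + b"\x00" * (-len(data) % 32)

def encode_packed_strings(a, b):
    """abi.encodePacked(string, string): raw UTF-8 bytes, no length, no padding."""
    return a.encode() + b.encode()

def encode_strings(a, b):
    """abi.encode(string, string): two head offsets, then length-prefixed tails."""
    ab, bb = a.encode(), b.encode()
    tail_a = len(ab).to_bytes(32, "big") + _pad32(ab)
    tail_b = len(bb).to_bytes(32, "big") + _pad32(bb)
    head = (64).to_bytes(32, "big") + (64 + len(tail_a)).to_bytes(32, "big")
    return head + tail_a + tail_b

def _addr_bytes(addr):
    raw = bytes.fromhex(addr[2:] if addr.startswith("0x") else addr)
    if len(raw) != 20:
        raise ValueError("address must be exactly 20 bytes")
    return raw

def encode_packed_addresses(a, b):
    """abi.encodePacked(address, address): each value is a fixed 20 bytes."""
    return _addr_bytes(a) + _addr_bytes(b)

def split_packed_addresses(blob):
    """Fixed widths mean the packed bytes map back to exactly one pair."""
    if len(blob) != 40:
        raise ValueError("expected 40 bytes")
    return "0x" + blob[:20].hex(), "0x" + blob[20:].hex()

# Constructed sample addresses (not taken from the project).
ADDR_A = "0x" + "11" * 20
ADDR_B = "0x" + "22" * 20

if __name__ == "__main__":
    # Two dynamic values: the boundary between them is lost when packed.
    print(encode_packed_strings("a", "bc") == encode_packed_strings("ab", "c"))
    # abi.encode keeps the lengths, so the same inputs stay distinct.
    print(encode_strings("a", "bc") == encode_strings("ab", "c"))
    # Two fixed-width values: the packed form is unambiguous.
    print(split_packed_addresses(encode_packed_addresses(ADDR_A, ADDR_B)))
```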