Description:
In the VaultBitcoinWallet.sol contract, the _random function is called with a hash generated using keccak256 and abi.encodePacked. The variables being encoded include dynamic types, which can lead to potential hash collisions.
1 Found Instances
- Found in VaultBitcoinWallet.sol [Line: 459](VaultBitcoinWallet.sol#L459)
```solidity
_changeSecretDerivationRoot = _random(keccak256(abi.encodePacked(value, _vaultScriptHash, _recoveryData, block.number)));
```
Using abi.encodePacked for dynamic variables can cause hash collisions because it concatenates the encoded data without any delimiters. This can lead to ambiguous results when decoding.
Github username: @mhhacker111 Twitter username: -- Submission hash (on-chain): 0x23ecae2bbf7f16c492bcc7b5999c902223813b966cc4efda8504c76010057e11 Severity: low
Description: In the VaultBitcoinWallet.sol contract, the _random function is called with a hash generated using keccak256 and abi.encodePacked. The variables being encoded include dynamic types, which can lead to potential hash collisions.
1 Found Instances
- Found in VaultBitcoinWallet.sol [Line: 459](VaultBitcoinWallet.sol#L459) ```solidity _changeSecretDerivationRoot = _random(keccak256(abi.encodePacked(value, _vaultScriptHash, _recoveryData, block.number))); ```Using abi.encodePacked for dynamic variables can cause hash collisions because it concatenates the encoded data without any delimiters. This can lead to ambiguous results when decoding.