psiemens
commented
2 years ago To solve this, I am likely going to add a constant-length size prefix to the following types:
StringIntUInt
The remaining fields types (e.g. UInt64, etc) have a constant-length encoding.
The current NFT metadata serialization scheme is prone to duplicate encodings (and therefore duplicate hashes) when used with arbitrary-length values (e.g. strings).
For example:
In this case inputs are distinct but the concatenation is the same.