OCC - Detect collision due to dynamic type usages

[github-actions[bot]]

OCC

high

Detect collision due to dynamic type usages

Summary

The collision issues in the _getNameAndSymbol function can lead to unintended conflicts and unexpected behavior in the system. Different combinations of input parameters can generate the same name and symbol values, causing confusion and compromising data integrity.

Vulnerability Detail

The detection of a collision due to dynamic type usages in abi.encodePacked () means that there is a risk of unintended collisions occurring in the generated name and symbol strings. The code uses dynamic inputs, such as token symbols, strike prices, and date components, to construct these strings. However, collisions can occur if different combinations of inputs produce the same resulting name or symbol. This can lead to unexpected behavior or conflicts within the system.

Impact

Collisions in the generated strings can compromise the integrity of the data stored or processed based on the generated name and symbol, however, collisions can result in unpredictable behavior. This may affect the functionality, logic, or business processes that rely on the uniqueness of these strings.

Code Snippet

https://github.com/sherlock-audit/2023-06-bond/blob/main/options/src/fixed-strike/FixedStrikeOptionTeller.sol#L568-L673

Tool used

Slither https://github.com/crytic/slither

Manual Review

Recommendation

As slither's Detector-Documentation, Do not use more than one dynamic type in abi.encodePacked(). Use abi.encode(), preferably.