* WARNING: You should avoid using leaf values that are 64 bytes long prior to
* hashing, or use a hash function other than keccak256 for hashing leaves.
* This is because the concatenation of a sorted pair of internal nodes in
* the merkle tree could be reinterpreted as a leaf value.
The following code has an issue because it uses input.blobRoot and input.bridgeRoot as the bases for leaves, both of which are bytes32 (totaling 64 bytes). This allows conflicts between leaves and inner nodes.
Bauer
medium
Merkle leaf values are 64 bytes before hashing which can lead to merkle tree collisions
Summary
The protocol hashes 64 bytes when calculating leaf allowing it to collide with the internal nodes of the merkle tree.
Vulnerability Detail
MerkleProofUpgradeable.sol puts the following warning at the beginning of the contract:
The following code has an issue because it uses
input.blobRoot
andinput.bridgeRoot
as the bases for leaves, both of which are bytes32 (totaling 64 bytes). This allows conflicts between leaves and inner nodes.Impact
Users can abuse Merkle Tree collisions
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L491
Tool used
Manual Review
Recommendation
Use @openzeppelin/merkle-tree instead.
Duplicate of #10