Data encoding problem lead to a hash collision in LibMuonSettlement.sol
Summary
The way encodedData is constructed using abi.encodePacked in a loop may lead to unexpected results if not handled correctly, particularly if quotesSettlementsData can be influenced by user input.
Root Cause
In LibMuonSettlement library, the way data is encoded for creating a hash can lead to vulnerabilities if the encoding process does not properly validate or sanitize the input data.
The function constructs a hash using abi.encodePacked with potentially user-controlled data (settleSig.quotesSettlementsData[i].quoteId, settleSig.quotesSettlementsData[i].currentPrice, etc.). If an attacker can manipulate this data, they may be able to create a hash collision, leading to unintended consequences in signature verification.
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/libraries/muon/LibMuonSettlement.sol#L21-L41
Internal pre-conditions
QuoteStorage.layout().quotes is not properly managed, so an attacker can insert or modify entries in a way that they can control quoteId and currentPrice.
External pre-conditions
No response
Attack Path
The attacker can create two different sets of data that produce the same output when passed to abi.encodePacked, potentially allowing them to pass the signature verification without having a valid signature.
// Example of two different inputs that could produce the same hash
bytes32 hash1 = keccak256(abi.encodePacked("quoteId_1", "100"));
bytes32 hash2 = keccak256(abi.encodePacked("quoteId_2", "100"));
// If hash1 and hash2 collide, it can lead to a hash collision vulnerability
Impact
If an attacker can create a hash collision, they could potentially forge signatures for arbitrary data, allowing them to manipulate state or funds in the contract.
By colliding hashes, the attacker might trick the system into accepting invalid data as legitimate, resulting in unauthorized access to funds or features of the smart contract.
If the vulnerability is exploited, it could lead to loss of funds, damage to the project’s reputation, and reduced trust from users and investors.
PoC
No response
Mitigation
Use of abi.encodeinstead of abi.encodePacked: abi.encode creates a more complex and unique encoding that reduces the chances of collisions. It is generally safer for encoding multiple parameters.
Validate inputs before encoding them to ensure they conform to expected formats and limits. This helps prevent the introduction of invalid or malicious data.
Restrict user input where possible. For example, if certain data should come from a trusted source (like an oracle or an admin function), make sure to enforce that control.
Implement checks on the length of data being processed to avoid excessively large or complex inputs that could lead to high gas costs or even transaction failures.
safdie
Medium
Data encoding problem lead to a hash collision in
LibMuonSettlement.solSummary
The way
encodedDatais constructed usingabi.encodePackedin a loop may lead to unexpected results if not handled correctly, particularly ifquotesSettlementsDatacan be influenced by user input.Root Cause
In
LibMuonSettlementlibrary, the way data is encoded for creating a hash can lead to vulnerabilities if the encoding process does not properly validate or sanitize the input data. The function constructs a hash usingabi.encodePackedwith potentially user-controlled data (settleSig.quotesSettlementsData[i].quoteId,settleSig.quotesSettlementsData[i].currentPrice, etc.). If an attacker can manipulate this data, they may be able to create a hash collision, leading to unintended consequences in signature verification. https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/libraries/muon/LibMuonSettlement.sol#L21-L41Internal pre-conditions
QuoteStorage.layout().quotesis not properly managed, so an attacker can insert or modify entries in a way that they can controlquoteIdandcurrentPrice.External pre-conditions
No response
Attack Path
The attacker can create two different sets of data that produce the same output when passed to
abi.encodePacked, potentially allowing them to pass the signature verification without having a valid signature.Impact
PoC
No response
Mitigation
abi.encodeinstead ofabi.encodePacked:abi.encodecreates a more complex and unique encoding that reduces the chances of collisions. It is generally safer for encoding multiple parameters.