From the solidity documentation: https://docs.soliditylang.org/en/v0.8.17/abi-spec.html?highlight=collisions#non-standard-packed-mode > If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") == abi.encodePacked("ab", "c"). This can result in the submission of values that were not actually signed
As the solidity docs describe, two or more dynamic types are passed to abi.encodePacked. Moreover, the dynamic value settleSig is user-specified function arguments in the function above , meaning anyone can directly specify the value of these arguments when calling the function
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
This can result in the submission of values that were not actually signed
PoC
No response
Mitigation
Instead of writing functions to accept several arguments that are hashed inside the function, consider rewriting the function to take the hashed value as a function argument directly so that the hashing process happens off-chain. This approach would solve the issue and save gas.
air_0x
Medium
abi.encodePacked Allows Hash Collision
Summary
From the solidity documentation: https://docs.soliditylang.org/en/v0.8.17/abi-spec.html?highlight=collisions#non-standard-packed-mode > If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") == abi.encodePacked("ab", "c"). This can result in the submission of values that were not actually signed
Root Cause
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/libraries/muon/LibMuonSettlement.sol#L21
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/libraries/muon/LibMuonSettlement.sol#L28
In function verifySettlement()
As the solidity docs describe, two or more dynamic types are passed to
abi.encodePacked
. Moreover, the dynamic valuesettleSig
is user-specified function arguments in the function above , meaning anyone can directly specify the value of these arguments when calling the functionInternal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
This can result in the submission of values that were not actually signed
PoC
No response
Mitigation
Instead of writing functions to accept several arguments that are hashed inside the function, consider rewriting the function to take the hashed value as a function argument directly so that the hashing process happens off-chain. This approach would solve the issue and save gas.