Hash Collision Vulnerability in verifyPartyBUpnl Function of LibMuon
Vulnerability Details
The verifyPartyBUpnl function in the LibMuon library uses abi.encodePacked to calculate hashes, which can lead to hash collisions due to the presence of dynamic arrays.
Specifically, the function’s reliance on this method can result in different structures producing identical hash values, thereby facilitating malicious actions.
The use of abi.encodePacked with the dynamic array upnlSig.reqId introduces the risk of hash collisions. Since reqId is a dynamic byte array, two different instances could produce the same serialized byte representation, leading to identical hash values.
Impact
Due to conflicting hash values, signatures can be substituted for each other, making malicious use of illegal signatures possible.
Recommendation
Replace abi.encodePacked with abi.encode to ensure that type information is included in the hash calculation, preventing hash collisions.
0xShoonya
High
Hash Collision Vulnerability in
verifyPartyBUpnl
Function ofLibMuon
Vulnerability Details
The
verifyPartyBUpnl
function in the LibMuon library usesabi.encodePacked
to calculate hashes, which can lead to hash collisions due to the presence of dynamic arrays.Specifically, the function’s reliance on this method can result in different structures producing identical hash values, thereby facilitating malicious actions. The use of
abi.encodePacked
with the dynamic arrayupnlSig.reqId
introduces the risk of hash collisions. SincereqId
is a dynamicbyte
array, two different instances could produce the same serialized byte representation, leading to identical hash values.Impact
Due to conflicting hash values, signatures can be substituted for each other, making malicious use of illegal signatures possible.
Recommendation
Replace
abi.encodePacked
withabi.encode
to ensure that type information is included in the hash calculation, preventing hash collisions.