abi.encodePacked should not be used with dynamic types when passing the result to a hash function such as keccak256. Use abi.encode instead, which will pad items to 32 bytes, to prevent any hash collisions.
The vulnerable code snippet demonstrates the computeEscrowAddress function, where abi.encodePacked is used in conjunction with a hash function, keccak256, to calculate a predicted address.
Using abi.encodePacked with dynamic types can lead to potential hash collisions.
Manual Review
To avoid potential hash collisions, it's recommended to use abi.encode instead of abi.encodePacked when passing the result to a hash function.