CodeHawks Escrow Contract - Competition Details
Cyfrin
Foundry
40,000 USDC
View results
Previous Next
Submission Details
Severity: low

Potential Hash Collisions When Using abi.encodePacked with Dynamic Types Inside Keccak256

hunter_w3b

Summary

abi.encodePacked should not be used with dynamic types when passing the result to a hash function such as keccak256. Use abi.encode instead, which will pad items to 32 bytes, to prevent any hash collisions.

Vulnerability Details

The vulnerable code snippet demonstrates the computeEscrowAddress function, where abi.encodePacked is used in conjunction with a hash function, keccak256, to calculate a predicted address.

function computeEscrowAddress(
bytes memory byteCode,
address deployer,
uint256 salt,
uint256 price,
IERC20 tokenContract,
address buyer,
address seller,
address arbiter,
uint256 arbiterFee
) public pure returns (address) {
address predictedAddress = address(
uint160(
uint256(
keccak256(
abi.encodePacked(
bytes1(0xff),
deployer,
salt,
keccak256(
abi.encodePacked(
byteCode, abi.encode(price, tokenContract, buyer, seller, arbiter, arbiterFee)
)
)
)
)
)
)
);
return predictedAddress;
}

Impact

Using abi.encodePacked with dynamic types can lead to potential hash collisions

Tools Used

Manual Review

Recommendations

To avoid potential hash collisions, it's recommended to use abi.encode instead of abi.encodePacked when passing the result to a hash function.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.