The use of encodePacked is not eip712 compliant and in this instance cause hash collisions.
Summary
Using encode packed in not eip712 compliant and the use of encodePacked can cause hash collions.
Vulnerability Details
From the solidity Docs we can see a warning
https://docs.soliditylang.org/en/v0.8.17/abi-spec.html?highlight=collisions#non-standard-packed-mode
If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") == abi.encodePacked("ab", "c")
Additionally in the open zeppelin docs it states that use of keccak256 and encode(not packed) are acceptable, but never states that encodePacked is acceptable.
https://docs.openzeppelin.com/contracts/3.x/api/drafts#EIP712
The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible, thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in their contracts using a combination of abi.encode and keccak256.
Impact
Possible hash collions when using encodePacked, and not eip712 compliant
Tools Used
manual review
Recommendations
do not use encode packed
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.