DeFi, Hardhat
21,000 USDC
Submission Details
Severity: low
Invalid

Potential Hash Collision Vulnerability in Merkle Proof Verification

Summary

A potential vulnerability exists in the pick function, related to the use of abi.encodePacked for generating a leaf node in a Merkle proof. This could lead to hash collisions and compromise the integrity of the Merkle proof verification.

Vulnerability Details

The UnripeFacet::pick function uses abi.encodePacked to concatenate the msg.sender address and amount before hashing to create a leaf node. Since abi.encodePacked does not pad its arguments, different combinations of msg.sender and amount could produce the same hash output, leading to a collision.

Impact

If exploited, an attacker could potentially claim more tokens than entitled or claim tokens on behalf of another user by crafting a collision in the Merkle proof. This could result in unauthorized token withdrawals or other malicious activities.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, it is recommended to replace the vulnerable line of code with the following:

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(msg.sender, amount))));

This change ensures that each argument is hashed individually before being concatenated, significantly reducing the risk of hash collisions. The bytes.concat function is used to concatenate the hashed values safely.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
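
For context on when packed encoding is ambiguous, here is an added example (not part of the submission, the judging, or the project's code) that models abi.encodePacked at the byte level in Python. It compares the fixed-width (address, uint256) pair discussed above with two dynamic strings; all function names are hypothetical and the sample values are constructed.

```python
# Added example: a byte-level model of Solidity's abi.encodePacked (no hashing).
# Short of a keccak256 collision, two leaves hash identically only when these
# preimages are equal, so encoding ambiguity is decided at this level.

def pack_address(addr):
    """address: always exactly 20 bytes in packed mode."""
    raw = bytes.fromhex(addr[2:] if addr.startswith("0x") else addr)
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw

def pack_uint256(value):
    """uint256: always exactly 32 bytes, big-endian, in packed mode."""
    if not 0 <= value < 2 ** 256:
        raise ValueError("out of range for uint256")
    return value.to_bytes(32, "big")

def pack_string(s):
    """string: raw UTF-8 bytes with no length prefix in packed mode."""
    return s.encode("utf-8")

def leaf_preimage(sender, amount):
    """Bytes fed to keccak256 for abi.encodePacked(address, uint256)."""
    return pack_address(sender) + pack_uint256(amount)

def unpack_leaf_preimage(data):
    """Inverse of leaf_preimage: the field boundary is always at byte 20."""
    if len(data) != 52:
        raise ValueError("expected 20 + 32 = 52 bytes")
    return "0x" + data[:20].hex(), int.from_bytes(data[20:], "big")

def shifted_boundary_collides(a, b, c, d):
    """True if two different string pairs share one packed encoding."""
    same_bytes = pack_string(a) + pack_string(b) == pack_string(c) + pack_string(d)
    return (a, b) != (c, d) and same_bytes

if __name__ == "__main__":
    sender = "0x" + "ab" * 20  # constructed sample address
    pre = leaf_preimage(sender, 1000)
    # Fixed widths make the encoding reversible, hence unambiguous.
    print(len(pre), unpack_leaf_preimage(pre))
    # Two dynamic fields: the boundary can move without changing the bytes.
    print(shifted_boundary_collides("ab", "c", "a", "bc"))
```
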
