[H-1] Hash Collision Risk Due to abi.encodePacked() with Dynamic Types in TokenDivider::divideNft
Summary
The abi.encodePacked() function is used with dynamic types (e.g., string) when generating input for a hash function. This can result in potential hash collisions because abi.encodePacked() concatenates the input arguments without padding them to 32 bytes. Such collisions can lead to unintended behavior or vulnerabilities if the resulting hash is used for critical operations.
Vulnerability Details
The TokenDivider::divideNft function uses abi.encodePacked() with dynamic types (e.g., string) to generate token names and symbols. This can result in hash collisions, as abi.encodePacked() does not pad inputs to 32 bytes, leading to potential vulnerabilities if the resulting hash is used for critical operations.
Code Snippet:
Impact:
High Impact: Potential for hash collisions when dynamic types are used in abi.encodePacked().
High Likelihood: Hash collisions can occur if two different inputs produce the same hash, leading to unintended behavior or vulnerabilities.
Critical Risk: If the resulting hash is used for critical operations (e.g., token generation or access control), it could compromise the security and reliability of the contract.
Tools Used
Foundry
Aderyn
Recommendations
Replace abi.encodePacked() with abi.encode() to ensure proper padding of dynamic types and prevent hash collisions. Alternatively, if all arguments are strings or bytes, consider using bytes.concat().
Updated Code Example:
If there's only one argument, casting to bytes or bytes32 may suffice. For instance:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.