The same issue is reported in this case as valid. Cyfrin/2023-08-sparkn#1 (comment)
The difference is that it categorizes badly and should have reported it as low.
If there is a collision hash, the transaction reverts, or you just redeploy. No loss.
[H-03] ABI encodePacked Collision
Severity
High Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/EscrowFactory.sol#L71
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/EscrowFactory.sol#L76
Summary
Collision can exist due to the use of many dynamic types in abi.encodePacked
Vulnerability Details
The computeEscrowAddress() function in EscrowFactory.sol calls abi.encodePacked() with multiple dynamic arguments and a collision is possible.
Impact
High impact on the creation of contracts
Tools Used
Recommendations
Do not use more than one dynamic type in abi.encodePacked(). Use abi.encode().
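Added example, not part of the original report and not code from EscrowFactory.sol: a byte-level Python model of how abi.encodePacked() and abi.encode() lay out dynamic bytes arguments, showing why the recommendation above removes the ambiguity. The function names and the sample inputs are constructed for illustration; equal encodings imply equal keccak256 hashes, so the model compares the encoded bytes directly.

```python
"""Model of Solidity's packed vs. standard ABI encoding for dynamic `bytes` arguments."""


def encode_packed(*args):
    # Packed mode: dynamic values are concatenated in place,
    # with no length prefix and no padding, so boundaries are lost.
    return b"".join(args)


def _word(n):
    # One 32-byte big-endian ABI word.
    return n.to_bytes(32, "big")


def _pad32(data):
    # Right-pad to a multiple of 32 bytes, as the ABI does for bytes/string.
    return data + b"\x00" * (-len(data) % 32)


def abi_encode(*args):
    # Standard mode: a head of 32-byte offsets, then for each argument
    # a tail of (length word + padded data). Lengths make boundaries explicit.
    head_size = 32 * len(args)
    head, tail = b"", b""
    for arg in args:
        head += _word(head_size + len(tail))
        tail += _word(len(arg)) + _pad32(arg)
    return head + tail


def colliding_splits(a, b):
    # Every other (a', b') pair whose packed encoding equals that of (a, b).
    blob = encode_packed(a, b)
    return [(blob[:i], blob[i:]) for i in range(len(blob) + 1) if blob[:i] != a]


if __name__ == "__main__":
    a, b = b"ab", b"c"  # constructed sample inputs
    print("packed(a, b):", encode_packed(a, b).hex())
    for a2, b2 in colliding_splits(a, b):
        same_packed = encode_packed(a2, b2) == encode_packed(a, b)
        same_std = abi_encode(a2, b2) == abi_encode(a, b)
        print(a2, b2, "packed collides:", same_packed, "| abi.encode collides:", same_std)
```
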