Improper Input Validation
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-20: Improper Input Validation |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Using abi.encodePacked with multiple dynamic-length arguments (such as bytes, string, or arrays) as input to a hash function can lead to collisions, where different inputs produce the same hash. This is because packed encoding concatenates the values without recording their lengths, which makes the boundaries between them ambiguous.
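The weak pattern beside a corrected one, as an added example that is not part of the original rule page. The contract name, function names and sample strings are hypothetical and constructed for illustration; the two sample pairs share one packed hash but produce different hashes under abi.encode.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example: contract and function names are hypothetical.
contract PackedHashDemo {
    // Weak: two dynamic-length strings are concatenated with no length
    // information, so the boundary between user and role is lost.
    function packedId(string memory user, string memory role)
        public pure returns (bytes32)
    {
        return keccak256(abi.encodePacked(user, role));
    }

    // Corrected: abi.encode writes an offset and a length for every
    // dynamic argument, so each (user, role) pair encodes differently.
    function encodedId(string memory user, string memory role)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(user, role));
    }

    // Constructed sample inputs: ("alice", "admin") and ("alicea", "dmin").
    // Both pairs pack to the same bytes, "aliceadmin".
    function packedCollides() external pure returns (bool) {
        return packedId("alice", "admin") == packedId("alicea", "dmin");
    }

    // Same pairs, hashed over the length-aware encoding.
    function encodedCollides() external pure returns (bool) {
        return encodedId("alice", "admin") == encodedId("alicea", "dmin");
    }
}
```

When reviewing a finding from this rule, check whether more than one argument to abi.encodePacked is dynamic-length; a single dynamic argument combined with fixed-size values does not have this boundary ambiguity.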
Impact
An attacker could exploit this collision to bypass security checks, impersonate users, or manipulate contracts relying on unique hashes for authentication, signatures, or transaction integrity. This may lead to unauthorized access, theft of funds, or other critical contract failures.