This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
0xnirlin - abi.encodePacked may get removed in solidity version 0.9.0 #349
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
the
Excluded
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
0xnirlin
medium
abi.encodePacked may get removed in solidity version 0.9.0
Summary
Protocol is using abi.encodePacked is being used in two contracts which is not recommended to be used due to hash collisions and also may get deprecated in future.
Vulnerability Detail
At following places protocol is using abi.encodePacked:
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L153-L161
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L116-L122
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumAcademy.sol#L235-L241
which is not recommended to be used due to hash collision and may also get deprecated in 0.9.0 version of solidity, check following issue in solidity repo:
ethereum/solidity#11593
Impact
Can lead to unexpected results.
Code Snippet
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L153-L161
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPrizeDistributor.sol#L116-L122
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumAcademy.sol#L235-L241
Tool used
Manual Review
Recommendation
use abi.encode or use bytes.concat
The text was updated successfully, but these errors were encountered: