This repository has been archived by the owner on Nov 12, 2023. It is now read-only.
SanketKogekar - abi.encodePacked should stop to be used since there are conversions around to deprecate it in future versions of Solidity
#171
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
the
Excluded
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
SanketKogekar
medium
abi.encodePackedshould stop to be used since there are conversions around to deprecate it in future versions of SoliditySummary
abi.encodePacked()will be removed according to Solidity guide ethereum/solidity#11593Also it will cause vulnerability in case of future update where you add dynamic types as arguments. Described in here https://docs.soliditylang.org/en/v0.8.19/abi-spec.html#non-standard-packed-mode
Vulnerability Detail
Impact
abi.encodePackedwill behaviour unexpectedly in case of future Solidity update and should not be used.It will break the MerkleProof check if you add dynamic types in leaf argument in next protocol upgrade.
Code Snippet
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTradingFactory.sol#L123-L124
Tool used
Manual Review
Recommendation
Use
abi.encode()orbytes.concat()instead ofabi.encodePacked.The text was updated successfully, but these errors were encountered: