Active Taffy Hornet
Medium
The hash is being created using `abi.encodePacked` at `EthosAttestation::_keccakForCreateAttestation` and `EthosAttestation::getServiceAndAccountHash` which contains dynamic type variables such as `string` and `bytes`. This can potentially lead to a hash collision due to the nature of `encodePacked`, which omits padding for more compact encoding. This increases the likelihood of hash collisions because different input values might result in the same packed output.
In `EthosAttestation.sol:435` and `EthosAttestation.sol:528`, the `abi.encodePacked` is packing dynamic types such as `string` and `bytes`.
- A user needs to be verified in order to create attestation.
No response
- User calls `createAttestation` with values which are susceptible to hash collisions.
A genuine user will have their attestation creation denied even though the inputs are different from those of the previous signature.
No response
Consider using `abi.encode` to mitigate this issue.
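
The collision and the effect of the suggested fix, as an added example that is not code from EthosAttestation.sol: two different pairs of strings produce the same `abi.encodePacked` hash but different `abi.encode` hashes. The contract name, the two-string `(service, account)` shape, the `used` registry and the sample values are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration; not the project's code. The (service, account)
/// argument shape and the `used` registry are hypothetical.
contract PackedCollisionDemo {
    // Hypothetical "hash already seen" registry used to model the impact.
    mapping(bytes32 => bool) public used;

    // Packed encoding concatenates the raw bytes of dynamic types with no
    // length prefix and no padding, so the boundary between fields is lost.
    function packedHash(string memory service, string memory account)
        public pure returns (bytes32)
    {
        return keccak256(abi.encodePacked(service, account));
    }

    // Standard encoding stores an offset, a length and 32-byte padded data
    // for each dynamic field, so the field boundary is part of the preimage.
    function encodedHash(string memory service, string memory account)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(service, account));
    }

    // Constructed inputs: "svc" + "1user" and "svc1" + "user" both
    // concatenate to the bytes of "svc1user".
    function collides() external pure returns (bool packed, bool encoded) {
        packed = packedHash("svc", "1user") == packedHash("svc1", "user");
        encoded = encodedHash("svc", "1user") == encodedHash("svc1", "user");
    }

    // Models the denial described in the finding: once one pair is
    // registered, a different pair with the same packed hash reverts.
    function register(string memory service, string memory account) external {
        bytes32 h = packedHash(service, account);
        require(!used[h], "hash already used");
        used[h] = true;
    }
}
```

Switching `register` to `encodedHash` lets both sample pairs be registered, since their `abi.encode` preimages differ in the length and data words.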