Use abi.encodePacked
in _sign()
function similar to as done by Sapphire
#77
Labels
abi.encodePacked
in _sign()
function similar to as done by Sapphire
#77
Github username: --
Twitter username: --
Submission hash (on-chain): 0xeb5f742f50e72bd0b9a2ab9f05147ae2a027e65f13e3cceb384b38a88d86c2ef
Severity: low
Description:
Description\
AbstractTxSerializer.sol
,_sign()
has usedbytes.concat
to concatenate the input bytes32_sigHash
:Affected code:
illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf/packages/contracts/contracts/illuminex/xengine/chains/btc/wallet/tx-serializer/AbstractTxSerializer.sol
Line 90 in 3ad7c2a
The issue is that, for such
_sign
implementation, use ofbytes.concat()
is not recommended asbytes.concat()
per solidity documentation is used in case:_sigHash
is a single input in bytes32 form and its not arbitrary number of bytes to use the bytes.concate().Further, Sapphire has used
abi.encodePacked()
instead ofbytes.concat()
whereverSapphire.sign()
function used.For example in
Sapphire's
EthereumUtils.sol , see below how bytes32digest
has usedabi.encodePacked
to concatenate the bytes.Therefore, its recommended to use
abi.encodePacked()
.Recommendation to fix
Consider below changes in
AbstractTxSerializer.sol
:The text was updated successfully, but these errors were encountered: