-
Notifications
You must be signed in to change notification settings - Fork 4
eeshenggoh - The verification can lead to Merkle tree collision #10
Comments
It is theoretically impossible to find a leaf-pair combination that corresponds to a specific concatenated hash. Secondly, since the alignment of |
1 comment(s) were left on this issue during the judging contest. takarez commented:
|
Disputing per what I've said before + until there is a valid PoC. |
I'm closing this issue for now. If Watson wants he can escalate and provide a POC |
eeshenggoh
medium
The verification can lead to Merkle tree collision
Summary
AvailBridge
utilizes Merkle Proof for leaf verification; however, it overlooks the verification of the length of the leaf bytes.Vulnerability Detail
It's a must to ensure to avoid using leaf values that are 64 bytes long before hashing or utilize a hash function other than keccak256 for hashing leaves. This is because the concatenation of a sorted pair of internal nodes in the Merkle tree could be reinterpreted as a leaf value.
abi.encode
encodes the params according to the ABI specs. Params are padded out to 32 bytes.Since
abi.encode(bytes32,bytes32)
will also be 64 bytes it is possible to have a hash collision between a leaf and a parent node.Reference & Credits
Impact
The leaf and parent data have the same 64-byte size, allowing hash collisions between a leaf and any node. This enables the repetition of proofs using subtrees as leaves, leading to the creation of fraudulent proofs.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/1afb56b8d4dfbf5d3f21bed0ddf80a04730204b5/contracts/src/interfaces/IAvailBridge.sol#L22C1-L39C6
https://github.com/sherlock-audit/2023-12-avail/blob/1afb56b8d4dfbf5d3f21bed0ddf80a04730204b5/contracts/src/AvailBridge.sol#L491
Tool used
Manual Review
Recommendation
Use a combination of variables that does not sum to 64 bytes
The text was updated successfully, but these errors were encountered: