Quiet Cyan Hyena
High
EthosAttestation._keccakForCreateAttestation() function uses abi.encodePacked(), which is vulnerable to hash collision attacks.
By exploiting this vulnerability, malicious user can steal another user's attestation.
EthosAttestation._keccakForCreateAttestation() function is following.
function _keccakForCreateAttestation(
uint256 profileId,
uint256 randValue,
string calldata account,
string calldata service,
string calldata evidence
) private pure returns (bytes32) {
return keccak256(abi.encodePacked(profileId, randValue, account, service, evidence));
}As can be seen, the function uses abi.encodePacked() to encode the message. Here service refers to the social media service (e.g., x.com or fb.com) and account refers to the user's account name (e.g., benwalther256 or ivansolo512). Since there is no restrictions on service and account, this can lead to hash collisions.
By exploiting this vulnerability, a malicious user can steal another user's attestation.
No response
There must exist social media services whose names have an inclusion relationship (e.g., fb.com and xfb.com).
- Assume that there exist social media services named
fb.comandxfb.com. - A user has an account named
auseronxfb.comwith a high reputation. - An attacker creates an account named
auserxonfb.com. - The attacker obtains a signature
sig1in Ethos web app usingaccount = 'auserx'andservice = 'fb.com'. - The attacker creates an attestation by calling
EthosAttestation.createAttestation()function withaccount = 'auser',service = 'xfb.com'andsignature = 'sig1'. - Thus the attacker has stolen attestation from another user with a high reputation.
A malicious attacker can increase his reputation by stealing another user's attestation. This harms the legitimate user by stealing their account attestation and reputation.
No response
Use abi.encode() function instead of abi.encodePacked() in the EthosAttestation._keccakForCreateAttestation() to avoid hash collisions.