
Hashing Consecutive Variable Length Arguments

What it detects

When hashing multiple strings or bytes values using abi.encodePacked, concatenation can cause collisions if lengths are not encoded. This detector spots such hashes where variable-length arguments are placed consecutively without delimiters.

Typical symptoms

  • abi.encodePacked(a, b) used with both a and b dynamic types
  • Hash collisions possible for different input pairs

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract BadHash {
    function id(string memory a, string memory b) external pure returns (bytes32) {
        // Packed encoding drops the length of each string, so inputs whose
        // concatenations match collide, e.g. ("ab", "c") and ("a", "bc").
        return keccak256(abi.encodePacked(a, b));
    }
}

Why it matters on EVM

Hash collisions may let attackers impersonate messages or bypass signature checks that rely on a unique hash.
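
The pattern from BadHash next to two common ways to remove the ambiguity, as an added example that is not part of the original page or of the detector's own code. The contract name HashDemo and the function names packedId, encodedId, hashedPartsId and check are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

contract HashDemo {
    // Flagged pattern: two dynamic arguments packed back to back.
    // The preimage is just bytes(a) followed by bytes(b), with no lengths.
    function packedId(string memory a, string memory b) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(a, b));
    }

    // Fix 1: abi.encode writes an offset and a 32-byte length for every
    // dynamic argument and pads the data, so the boundary between a and b
    // is part of the preimage.
    function encodedId(string memory a, string memory b) public pure returns (bytes32) {
        return keccak256(abi.encode(a, b));
    }

    // Fix 2: hash each dynamic argument on its own first. The outer
    // encodePacked then only sees two fixed-size bytes32 values, which
    // cannot shift into each other.
    function hashedPartsId(string memory a, string memory b) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(keccak256(bytes(a)), keccak256(bytes(b))));
    }

    // Compares the two argument pairs ("ab", "c") and ("a", "bc"), which
    // concatenate to the same bytes, under each of the three schemes.
    function check()
        external
        pure
        returns (bool packedCollides, bool encodedCollides, bool hashedPartsCollides)
    {
        packedCollides = packedId("ab", "c") == packedId("a", "bc");
        encodedCollides = encodedId("ab", "c") == encodedId("a", "bc");
        hashedPartsCollides = hashedPartsId("ab", "c") == hashedPartsId("a", "bc");
    }
}
```

Calling check() shows which schemes keep the two argument pairs distinct; the same comparison works as a regression test when replacing abi.encodePacked in code that feeds a signature or uniqueness check.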