Keccak Unequal Memory Lengths
What it detects
Calling keccak256 on memory slices with mismatched lengths can lead to incorrect hashing or wasted gas. This detector spots when the length argument does not match the actual array or bytes size provided.
Typical symptoms
- Manual memory operations preceding keccak256
- Length parameter computed incorrectly
Solidity snippet (v0.8.25)
```solidity
pragma solidity ^0.8.25;

contract HashLen {
    function bad(bytes memory data) external pure returns (bytes32 result) {
        assembly {
            // Using wrong length value: hashes a fixed 100 bytes
            // instead of the array's actual length
            result := keccak256(add(data, 32), 100)
        }
    }
}
```
Why it matters on EVM
Incorrect hashing can break authentication or uniqueness checks, leading to spoofing or logic errors.
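
The following is an added example, not code from the detector or its documentation: it places the flagged pattern beside a version that reads the length from the array's own length word, and shows how the fixed length weakens a uniqueness check. The contract and function names (`HashLenCompare`, `fixedLen`, `actualLen`, `compare`) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example; all names here are hypothetical.
contract HashLenCompare {
    // Flagged pattern: the length is a constant unrelated to data.length.
    // Inputs longer than 100 bytes are truncated; inputs shorter than
    // 100 bytes pull in whatever memory follows the array.
    function fixedLen(bytes memory data) public pure returns (bytes32 result) {
        assembly {
            result := keccak256(add(data, 32), 100)
        }
    }

    // Corrected pattern: a `bytes memory` pointer refers to a 32-byte
    // length word followed by the payload, so mload(data) is the
    // payload length and add(data, 32) is where the payload starts.
    function actualLen(bytes memory data) public pure returns (bytes32 result) {
        assembly {
            result := keccak256(add(data, 32), mload(data))
        }
    }

    // Constructed inputs: two 128-byte arrays that differ only in the
    // last byte, which lies outside the first 100 bytes.
    function compare()
        external
        pure
        returns (bool sameUnderFixedLen, bool sameUnderActualLen, bool matchesBuiltin)
    {
        bytes memory a = new bytes(128);
        bytes memory b = new bytes(128);
        b[127] = 0x01;

        // fixedLen never reads byte 127, so it cannot tell a from b.
        sameUnderFixedLen = fixedLen(a) == fixedLen(b);
        // actualLen covers the whole payload, including byte 127.
        sameUnderActualLen = actualLen(a) == actualLen(b);
        // The high-level builtin hashes exactly data.length bytes.
        matchesBuiltin = actualLen(b) == keccak256(b);
    }
}
```

Where no inline assembly is required, calling the high-level `keccak256(data)` avoids the manual length argument entirely.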