Calldata Ambiguity – Analyzing the Likelihood of Hash Collisions in Solidity

calldatahashkeccak

To call a function in a smart contract, a transaction (or a message call depending on where it originates from) is sent to the contract address with a data field that has the encoded function signature and parameters. This encoding is done by taking the first 4 bytes of the keccak256 hash of the function signature and appending to it is the hash of each argument padded with 0s to 32 bytes width.

If, for example, I want to call a function doSomething() that takes no arguments, the calldata would just be the first 4 bytes of the keccack256 hash of the signature:

keccak256('doSomething()') = 0x82692679

Now, since we only take the first 4 bytes isn't the possibility of overlap much higher now? How is this still maintaining cryptographic hash properties? I tried producing 2 function signatures with the same first 4 bytes (and I obviously couldn't) but my question is: how likely is it?

Best Answer

This is actually something that can happen. The possibility of it happening randomly in the same contract is very low, which is 1/2^32. But if someone wants to make this attack happen she can easily find two functions with the same signature. While it does happen though, the solidity compiler will refuse to compile any contract that has a function selector collision within the same contract. However, that is not the case with proxies.

This was the idea behind one of the vulnerabilities found in earlier proxy patterns, which is called signature clashing. If you want to read more about it, you can find more information here.

Related Solutions

Keccak256 – How to Pass a String to be Hashed Using Keccak256

try this snipet

function bytes32ToString(bytes32 x) constant returns (string) {
    bytes memory bytesString = new bytes(32);
    uint charCount = 0;
    for (uint j = 0; j < 32; j++) {
        byte char = byte(bytes32(uint(x) * 2 ** (8 * j)));
        if (char != 0) {
            bytesString[charCount] = char;
            charCount++;
        }
    }
    bytes memory bytesStringTrimmed = new bytes(charCount);
    for (j = 0; j < charCount; j++) {
        bytesStringTrimmed[j] = bytesString[j];
    }
    return string(bytesStringTrimmed);
}

 function someFunction(bytes32 _string) returns(bool){
    bool result = false;
    bytes32 hashparameter = sha3(bytes32ToString(_string));
    bytes32 hashstring = sha3("hello");
    if(hashstring == hashparameter) {
        result = true;
    }

    return result;

}

the first function converts bytes32 to string then passes the result to hashing function. I've tried it gives true for "hello".

Keccak Hash – Get Method ID ‘Keccak Hash’ in Python

With a recent (>=1.0) version of pysha3 you can recreate the method ID with:

from sha3 import keccak_256
sha3_hash = keccak_256("baz(uint32,bool)").hexdigest()
method_id = "0x"+sha3_hash[:8]
print method_id

If your pysha3 is old (eg pinned atpysha3==0.3) you need:

from sha3 import sha3_256
sha3_hash = sha3_256("baz(uint32,bool)").hexdigest()
method_id = "0x"+sha3_hash[:8]
print method_id

Explanation: After Ethereum adopted what was then the most recent candidate for SHA3, the standard was changed. What Ethereum uses is now called Keccak instead of SHA3.

Best Answer

Related Solutions

Keccak256 – How to Pass a String to be Hashed Using Keccak256

Keccak Hash – Get Method ID ‘Keccak Hash’ in Python

Related Topic