Preventing metadata hash collisions
psiemens opened this issue · comments
Peter Siemens commented
The current NFT metadata serialization scheme is prone to duplicate encodings (and therefore duplicate hashes) when used with arbitrary-length values (e.g. strings).
For example:
"foo".concat("bar) == "foob".concat("ar")
In this case inputs are distinct but the concatenation is the same.
Peter Siemens commented
To solve this, I am likely going to add a constant-length size prefix to the following types:
String
Int
UInt
The remaining fields types (e.g. UInt64
, etc) have a constant-length encoding.