Git · Rs-Soroban-Poseidon · CVE-2026-32129
**Name of the Vulnerable Software and Affected Versions**
soroban-poseidon (affected versions not specified)
**Description**
soroban-poseidon provides the Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. The Poseidon V1 sponge (`PoseidonSponge`) is susceptible to hash collisions on variable-length inputs because it applies no injective padding. With state width `T`, the sponge rate is `T - 1`. If fewer than `T - 1` inputs are absorbed (`inputs.len() < T - 1`), the unused rate positions are implicitly left at zero, and nothing in the state records how many inputs were supplied. This yields trivial collisions: `hash([m1, ..., mk])` equals `hash([m1, ..., mk, 0])` whenever `k` is smaller than the rate. Any use of `PoseidonSponge` or `poseidon_hash` with fewer than `T - 1` inputs is affected, for example hashing a single input with `T = 3`. The Poseidon2 sponge (`Poseidon2Sponge`) is not affected because it encodes the input length in the capacity element. The vulnerable function is `PoseidonSponge::compute_hash`.
**Recommendations**
Upgrade to the next release containing the fix, which enforces `inputs.len() == RATE` in `PoseidonSponge::compute_hash` and rejects partially filled rates instead of zero-padding them.
If upgrading is not immediately possible, ensure callers always use `T = inputs.len() + 1` (full-rate).
Alternatively, migrate to `Poseidon2Sponge`, which is safe for variable-length inputs.
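The following is an added example, not code from the soroban-poseidon crate, illustrating the description above and both mitigations on a minimal sponge. It uses a toy permutation over the Goldilocks field (an assumption for illustration; it is not Poseidon, and the function names `v1_hash_zero_padded`, `v1_hash_full_rate` and `v2_hash_len_in_capacity` are hypothetical). Only the sponge layout, a rate of `T - 1` lanes plus one capacity lane, mirrors the advisory. The first function reproduces the zero-padding collision, the second enforces the full-rate check the fix adds, and the third shows the length-in-capacity domain separation the advisory credits to the Poseidon2 sponge, in simplified form.

```rust
// Added example (not the soroban-poseidon crate): a minimal sponge over the
// Goldilocks field with a toy permutation, showing why implicit zero-padding
// of unused rate lanes collides and two ways to close the gap.
//
// ASSUMPTIONS: the field, the permutation and the function names are
// constructed for illustration; only the sponge layout (rate = T - 1, one
// capacity lane) mirrors the advisory's description.

/// Goldilocks prime 2^64 - 2^32 + 1. x^7 is a permutation here
/// (gcd(7, p - 1) = 1), which keeps the toy round function bijective.
pub const P: u64 = 0xFFFF_FFFF_0000_0001;

fn add(a: u64, b: u64) -> u64 {
    ((a as u128 + b as u128) % P as u128) as u64
}

fn mul(a: u64, b: u64) -> u64 {
    ((a as u128 * b as u128) % P as u128) as u64
}

/// Toy permutation (NOT Poseidon): add a round constant, apply the x^7 S-box,
/// then add the lane sum to every lane (the matrix I + J, which is invertible
/// because T + 1 != 0 mod P). Every step is a bijection, so the whole is.
fn permute<const T: usize>(state: &mut [u64; T]) {
    for round in 0..8u64 {
        for (i, s) in state.iter_mut().enumerate() {
            let x = add(*s, round * (T as u64) + i as u64 + 1);
            let x2 = mul(x, x);
            let x4 = mul(x2, x2);
            *s = mul(mul(x4, x2), x); // x^7
        }
        let sum = state.iter().fold(0u64, |acc, &s| add(acc, s));
        for s in state.iter_mut() {
            *s = add(*s, sum);
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum SpongeError {
    /// Input count does not equal the rate T - 1.
    WrongLength { got: usize, want: usize },
}

/// Vulnerable pattern (the V1 behaviour the advisory describes): up to T - 1
/// inputs are written into the rate lanes; unused lanes and the capacity lane
/// stay zero, so nothing records how many inputs there were. As a result
/// [m] and [m, 0] produce the identical initial state and the identical hash.
pub fn v1_hash_zero_padded<const T: usize>(inputs: &[u64]) -> u64 {
    assert!(inputs.len() < T, "at most T - 1 inputs fit in the rate");
    let mut state = [0u64; T];
    for (lane, &m) in inputs.iter().enumerate() {
        state[lane] = m % P;
    }
    permute(&mut state);
    state[0]
}

/// Fix 1 (the advisory's upgrade path): refuse anything but a full-rate
/// absorb, so callers must pick T = inputs.len() + 1.
pub fn v1_hash_full_rate<const T: usize>(inputs: &[u64]) -> Result<u64, SpongeError> {
    if inputs.len() != T - 1 {
        return Err(SpongeError::WrongLength { got: inputs.len(), want: T - 1 });
    }
    Ok(v1_hash_zero_padded::<T>(inputs))
}

/// Fix 2 (the property the advisory credits to the Poseidon2 sponge, done here
/// in simplified form): initialise the capacity lane with the input length so
/// [m] and [m, 0] start from different states. Because the permutation is a
/// bijection, different initial states never collapse to the same final state.
pub fn v2_absorb_len_in_capacity<const T: usize>(inputs: &[u64]) -> [u64; T] {
    assert!(inputs.len() < T, "at most T - 1 inputs fit in the rate");
    let mut state = [0u64; T];
    for (lane, &m) in inputs.iter().enumerate() {
        state[lane] = m % P;
    }
    state[T - 1] = inputs.len() as u64; // domain separation by length
    permute(&mut state);
    state
}

pub fn v2_hash_len_in_capacity<const T: usize>(inputs: &[u64]) -> u64 {
    v2_absorb_len_in_capacity::<T>(inputs)[0]
}

fn main() {
    let a = v1_hash_zero_padded::<3>(&[42]);
    let b = v1_hash_zero_padded::<3>(&[42, 0]);
    println!("V1, T=3: hash([42]) == hash([42, 0]) -> {}", a == b);
    println!("V1 full-rate, T=3, [42]: {:?}", v1_hash_full_rate::<3>(&[42]));
    println!("V1 full-rate, T=2, [42]: {:?}", v1_hash_full_rate::<2>(&[42]));
    let c = v2_hash_len_in_capacity::<3>(&[42]);
    let d = v2_hash_len_in_capacity::<3>(&[42, 0]);
    println!("V2, T=3: hash([42]) == hash([42, 0]) -> {}", c == d);
}
```

Run as a single-file binary with `rustc` or inside a `cargo` project; it has no dependencies. The `v1_hash_full_rate` check is the shape of the advisory's fix: it turns a silent zero-fill into an error, so a caller hashing one element must instantiate `T = 2` rather than reuse a `T = 3` sponge. The length-in-capacity variant is the reason `Poseidon2Sponge` is safe for variable-length input, and it is also why "pad with explicit zeros" is not a valid workaround: padding must be injective, and appending zeros is not.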