Solidity file Extension.sol contains a function that inputs a dynamic array and outputs a 32bit Blake2b hash.

Here is the abridged flow of this method:

File: Extension.sol Method: blake2b256 input: bytes
output: bytes32 Method: ExtensionNative input: bytes
output: bytes32

               ⇩

File: nativecalls.go Method: nativeblake2b256 input: []byte output: thor.Bytes32 (impl.)

               ⇩

File: extension.go Method: Blake2b256 input: []byte output: thor.Bytes32

It is logical for this function to have a dynamically-sized array as input and a fixed-size array as output because of the large upper bound of blake2b (i.e. the input array can have any size).

Given that the algorithm is isolated--via native calls--from the pure contractual logic and can be later modified, would it not be wiser to assert, in the contract, that the output of the hashing function is, indeed, a fixed-size 32 bit array?

Open /builtin/gen/Extension.sol

Very low and hypothetical.

Add an assert into function blake2b256(bytes _value) public view returns(bytes32) that checks that ExtensionNative(this).nativeblake2b256(value) returns a 32bit array?

I evaluate the severity level as None because I do not know how this lack of assertion could realistically become a vulnerability. This is more a FYI.

Thus, I understand and acknowledge that this report will not be unrewarded.