Submission Details
Severity: high
Valid

ffi cheatcode enabled with malicious function in test file

Summary

The Foundry ffi cheatcode is enabled in this project, and a test function uses it to run malicious code on the developer's device.

Vulnerability Details

In foundry.toml, ffi = true.
In the mocks folder, the ffi function signature is present.
In SantasListTest.t.sol, a function called testPwned produces the string "youve-been-pwned" when the developer runs the test file.

Impact

This could result in auditors or protocol developers running malicious code on their own devices, which could lead to a loss of trust in the protocol and in the integrity of one's personal device.

Per the Foundry Book:

"Warning: Enabling this cheatcode has security implications for your project, as it allows tests to execute arbitrary programs on your computer."

More can be found here: https://book.getfoundry.sh/reference/config/testing#ffi

Tools Used

Manual inspection.

Recommendations

Disable the ffi cheatcode in foundry.toml. Be cautious when downloading open source code from GitHub to your personal device.
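One way to act on the recommendation before the first forge test run, as an added example written for this report (not code from the audited repository or from Foundry): a POSIX shell pre-flight check that flags the combination this finding describes, an uncommented ffi = true in foundry.toml together with a Solidity file that calls the cheatcode. The script name check_ffi.sh, the exit-code convention and the sample repo layout used in the comments are this example's own assumptions.

```shell
#!/bin/sh
# Added example for this report (not code from the audited repo or from Foundry):
# run on a freshly cloned Foundry project *before* `forge test`, so that an
# `ffi = true` config paired with a test calling the cheatcode is noticed instead
# of executed.
#
# Exit codes from check_ffi_risk DIR (this script's own convention):
#   0  no ffi exposure found
#   1  foundry.toml enables ffi AND a Solidity file calls the cheatcode
#      (tests would be able to run arbitrary programs on this machine)
#   2  only one of the two signals is present (worth a look, not executable as-is)

check_ffi_risk() {
    dir="${1:-.}"
    cfg="$dir/foundry.toml"
    config_enabled=0
    calls_present=0

    # Signal 1: an uncommented `ffi = true` in foundry.toml, under any profile section.
    if [ -f "$cfg" ] && grep -Eq '^[[:space:]]*ffi[[:space:]]*=[[:space:]]*true' "$cfg"; then
        config_enabled=1
        echo "foundry.toml: ffi = true"
    fi

    # Signal 2: a call to the cheatcode (`vm.ffi(...)`, `cheats.ffi(...)`) in any .sol
    # file outside lib/. The interface declaration in forge-std's Vm.sol is
    # `function ffi(string[] ...)`, which has no leading dot and so is not matched.
    hits=$(grep -rlE --include='*.sol' --exclude-dir=lib '\.ffi[[:space:]]*\(' "$dir" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        calls_present=1
        echo "cheatcode call sites:"
        echo "$hits" | sed 's/^/  /'
    fi

    if [ "$config_enabled" -eq 1 ] && [ "$calls_present" -eq 1 ]; then
        echo "RISK: tests can execute programs on this machine; read the call sites before running forge test"
        return 1
    elif [ "$config_enabled" -eq 1 ] || [ "$calls_present" -eq 1 ]; then
        echo "REVIEW: ffi partially configured (config or call sites, not both)"
        return 2
    fi
    echo "OK: no ffi exposure"
    return 0
}

# Usage when run directly: sh check_ffi.sh path/to/cloned/repo
# The exit status is the function's return code, so CI can gate `forge test` on it.
if [ "$#" -gt 0 ]; then
    check_ffi_risk "$1"
fi
```

Run it from the repository root on every fresh clone; a non-zero exit in CI blocks the test job until someone has read the flagged call sites. Foundry also accepts configuration overrides through environment variables prefixed with FOUNDRY_, so FOUNDRY_FFI=false forge test keeps the cheatcode disabled for a single run without editing foundry.toml; a test that genuinely depends on ffi then reverts instead of spawning a process.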

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

test_pwned FFI vulnerability

The FFI variable within Foundry.TOML was set to TRUE. This variable gives foundry shell access and allows it to run commands on your terminal. The possibilities for exploitation through this means are endless! This repo exploited this flag through test_pwned. Keep an eye out before running tests!
