Submission Details
Severity: high
Invalid

VotingBoothTest::testPwned() allows execution of arbitrary operations

Summary

VotingBoothTest::testPwned() allows execution of arbitrary operations on the user's machine without the user noticing.

Vulnerability Details

Among the tests in VotingBoothTest.t.sol there is testPwned(), a function that executes arbitrary commands on the user's machine.
Such commands present a potential risk, as they could lead to the theft of funds or the extraction/destruction of data.

    function testPwned() public {
        string[] memory cmds = new string[](2);
        cmds[0] = "touch";
        cmds[1] = string.concat("youve-been-pwned-remember-to-turn-off-ffi!");
        cheatCodes.ffi(cmds);
    }

VotingBoothTest.t.sol::testPwned() uses the ffi cheatcode, which is enabled by the ffi = true setting in foundry.toml.

Impact

This can lead to the theft of funds, the extraction/destruction of data, or malware installation.

Tools Used

Manual review

Recommendations

Remove VotingBoothTest::testPwned() and avoid using the ffi cheatcode.

And/Or

Ensure you understand the functionality of any command or script to prevent unintended consequences, especially those involving security vulnerabilities.
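
A pre-run check for the condition this finding describes, added here as an example and not part of the submission or the contest repository: it reports which foundry.toml sections set ffi = true and which Solidity files call .ffi(, so both can be reviewed before the tests are run. The function names and the sample repository built by build_sample() are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SECTION = re.compile(r"^\s*\[(.+?)\]\s*$")
FFI_ON = re.compile(r"^\s*ffi\s*=\s*true\s*$")
FFI_CALL = re.compile(r"\.ffi\s*\(")

def ffi_profiles(toml_text):
    """Names of the foundry.toml sections that set ffi = true."""
    section, hits = "(top level)", []
    for line in toml_text.splitlines():
        line = line.split("#", 1)[0]          # ignore TOML comments
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif FFI_ON.match(line):
            hits.append(section)
    return hits

def ffi_calls(sol_text):
    """(line number, source) for each .ffi( call outside // comments."""
    return [(n, line.strip())
            for n, line in enumerate(sol_text.splitlines(), 1)
            if FFI_CALL.search(line.split("//", 1)[0])]

def audit(repo):
    """Report where ffi is enabled and which Solidity files call it."""
    repo = Path(repo)
    cfg = repo / "foundry.toml"
    profiles = ffi_profiles(cfg.read_text()) if cfg.is_file() else []
    calls = {}
    for sol in sorted(repo.rglob("*.sol")):   # includes lib/ dependencies
        if (found := ffi_calls(sol.read_text(errors="replace"))):
            calls[sol.relative_to(repo).as_posix()] = found
    return {"enabled_in": profiles, "calls": calls,
            "runs_host_commands": bool(profiles and calls)}

def build_sample(root):
    """Constructed sample repo: the page's setting plus a trimmed testPwned()."""
    root = Path(root)
    (root / "test").mkdir(parents=True)
    (root / "foundry.toml").write_text("[profile.default]\nsrc = 'src'\nffi = true\n")
    (root / "test" / "VotingBoothTest.t.sol").write_text(
        "function testPwned() public {\n    cheatCodes.ffi(cmds); // host command\n}\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

The check is line-based, so it does not see ffi calls hidden behind block comments or unusual formatting; treat an empty result as a prompt for manual review, not as proof.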

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

testPwned: ffi enabled for test

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Out of scope
