Severity: medium
Invalid

VotingBoothTest::testPwned() can perform arbitrary operations on developer's computer

Summary

The following function is found in VotingBoothTest.t.sol:

    function testPwned() public {
        string[] memory cmds = new string[](2);
        cmds[0] = "touch";
        cmds[1] = string.concat("youve-been-pwned-remember-to-turn-off-ffi!");
        cheatCodes.ffi(cmds);
    }

This function is not related to the 'Voting Booth' project. It creates a text file for no particular reason.

Vulnerability Details

foundry.toml has the ffi flag set to true. ffi allows arbitrary code to be executed (see the details here), which is potentially dangerous: arbitrary commands can include those with embedded or accidental malicious actions. In this example only a text file is created, but in general a call like this is easy to overlook when running tests.

Impact

Medium. In this particular case, it was not a security issue, but in other cases, this command could be abused by malicious actors.

Tools used

Manual check

Recommendations

  • Inspect the code before execution

  • Set the 'ffi' flag to false

  • Use an isolated testing environment
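
One way to carry out the first two recommendations before running the tests, as an added example that is not part of the submission or of the Voting Booth code base: a Python scan that reports which foundry.toml sections set ffi = true and where Solidity files call .ffi(. The foundry.toml content is constructed (the submission only states that the flag is true), the function names are hypothetical, and the config check is a line-based scan rather than a full TOML parser.

```python
import re
from pathlib import Path

SECTION = re.compile(r"^\s*\[([^\]]+)\]")     # section header, e.g. [profile.default]
FFI_ON = re.compile(r"^\s*ffi\s*=\s*true\b")  # the setting the finding reports
FFI_CALL = re.compile(r"\.ffi\s*\(")          # cheatCodes.ffi(...), vm.ffi(...)

# Constructed sample config; not copied from the project.
SAMPLE_TOML = "[profile.default]\nffi = true\n\n[profile.ci]\nffi = false\n"
# The test function quoted in the submission.
SAMPLE_TEST = """\
function testPwned() public {
    string[] memory cmds = new string[](2);
    cmds[0] = "touch";
    cmds[1] = string.concat("youve-been-pwned-remember-to-turn-off-ffi!");
    cheatCodes.ffi(cmds);
}
"""

def ffi_profiles(toml_text):
    """Return the foundry.toml sections that contain ffi = true."""
    section, hits = "(top level)", []
    for line in toml_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1).strip()
        elif FFI_ON.match(line):
            hits.append(section)
    return hits

def ffi_call_sites(sol_text):
    """Return (line_number, source_line) for each .ffi( call, skipping // comment lines."""
    return [(n, line.strip())
            for n, line in enumerate(sol_text.splitlines(), 1)
            if not line.lstrip().startswith("//") and FFI_CALL.search(line)]

def audit(project_dir):
    """Scan a project: (sections enabling ffi, {relative path: call sites})."""
    root = Path(project_dir)
    cfg = root / "foundry.toml"
    profiles = ffi_profiles(cfg.read_text()) if cfg.is_file() else []
    calls = {}
    for sol in sorted(root.rglob("*.sol")):
        sites = ffi_call_sites(sol.read_text(errors="replace"))
        if sites:
            calls[sol.relative_to(root).as_posix()] = sites
    return profiles, calls

if __name__ == "__main__":
    print(ffi_profiles(SAMPLE_TOML), ffi_call_sites(SAMPLE_TEST))
```

ffi can also be switched on outside foundry.toml, with `forge test --ffi` or the `FOUNDRY_FFI` environment variable, which this scan does not see.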

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

testPwned: ffi enabled for test

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Out of scope
