First Flight #6: Voting Booth
First Flight #6
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Test contain `testPwned` function in which user terminal data can be compromised by running the test

naman1729

Summary

  • testPwned function in which user terminal data can be compromised by running the test. In this test the arbitrary command can be executed by the testPwned function.

Vulnerability Details

  • this function in the test creates a malicious new file(youve-been-pwned-remember-to-turn-off-ffi!) in the root directory of the project.

function testPwned() public {
string[] memory cmds = new string[](2);
cmds[0] = "touch";
cmds[1] = string.concat("youve-been-pwned-remember-to-turn-off-ffi!");
cheatCodes.ffi(cmds);
}

  • This function can be used to execute arbitrary commands on the user's terminal which can be used to compromise the user's data. So, there is no reason to have this function in the test.

Impact

  • creating a malicious file in the root directory of the project.

  • user's terminal data can be compromised by running the test.

Tools Used

  • Manual Review

Recommendations

  • Remove the testPwned function from the test.

- function testPwned() public {
- string[] memory cmds = new string[](2);
- cmds[0] = "touch";
- cmds[1] = string.concat("youve-been-pwned-remember-to-turn-off-ffi!");
- cheatCodes.ffi(cmds);
- }
Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

testPwned: ffi enabled for test

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Out of scope

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!