Severity: high
Invalid

'VotingBoothTest.t.sol:testPwned' executes an arbitrary operation on the user's machine when running the test suite

Summary

The test file SantasListTest.t.sol contains a function 'testPwned' that executes an arbitrary command on the user's machine.

Vulnerability Details

When run, this 'testPwned' function creates a file 'youve-been-pwned-remember-to-turn-off-ffi!' in the project directory. This is possible because ffi = true is set in the foundry.toml file. This is dangerous because malicious actions can be performed without being noticed by the user running the test suite!

Impact

Private keys can be stolen, information can be leaked, viruses can be injected, and much more!

function testPwned() public {
    string[] memory cmds = new string[](2);
    cmds[0] = "touch";
    cmds[1] = string.concat("youve-been-pwned-remember-to-turn-off-ffi!");
    cheatCodes.ffi(cmds);
}
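
A check that can be run on a cloned Foundry project before its test suite is executed, flagging the combination described above (ffi = true in foundry.toml plus a test that calls the ffi cheatcode). This is an added example, not code from the submission or the audited project; the function names and the sample project written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Foundry project for FFI exposure before running its tests.

# Print each foundry.toml line (any profile) that sets ffi = true.
ffi_enabled_lines() {
    [ -f "$1/foundry.toml" ] || return 0
    grep -nE '^[[:space:]]*ffi[[:space:]]*=[[:space:]]*true' "$1/foundry.toml" || true
}

# Print each Solidity line that calls the ffi cheatcode, e.g. cheatCodes.ffi(cmds).
ffi_call_sites() {
    find "$1" -type f -name '*.sol' -exec grep -HnE '\.ffi[[:space:]]*\(' {} + 2>/dev/null || true
}

# Return 1: ffi enabled and called; 2: enabled but no call site found; 0: ffi not enabled.
audit_ffi() {
    enabled=$(ffi_enabled_lines "$1")
    calls=$(ffi_call_sites "$1")
    [ -n "$enabled" ] || return 0
    printf 'ffi enabled in foundry.toml:\n%s\n' "$enabled"
    [ -n "$calls" ] || return 2
    printf 'ffi call sites:\n%s\n' "$calls"
    return 1
}

# Constructed sample project reproducing the configuration and test from this report.
make_sample() {
    mkdir -p "$1/test"
    printf '[profile.default]\nsrc = "src"\nffi = %s\n' "$2" > "$1/foundry.toml"
    cat > "$1/test/SantasListTest.t.sol" <<'EOF'
function testPwned() public {
    string[] memory cmds = new string[](2);
    cmds[0] = "touch";
    cheatCodes.ffi(cmds);
}
EOF
}

# Usage: sh audit_ffi.sh /path/to/project
if [ -n "${1:-}" ]; then audit_ffi "$1"; fi
```

The check reads only foundry.toml and the .sol files under the given path, so it says nothing about FFI being switched on by other means at invocation time.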

Tools Used

- Foundry

Recommendations

It is recommended to delete the 'testPwned' function and set ffi = false in the foundry.toml file.

[profile.default]
src = "src"
out = "out"
libs = ["lib"]
remappings = [
'@openzeppelin/contracts=lib/openzeppelin-contracts/contracts',
'@solmate=lib/solmate-bad',
]
- ffi = true
+ ffi = false
[fmt]
number_underscore = "thousands"
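
Review bot: the `ffi = false` line covers the configuration half of the recommendation only; the deletion of 'testPwned' that the same recommendation calls for is not part of this change. With the function left in the test file, the `touch` command runs again as soon as anyone flips the setting back, so the removal of the function belongs in the same change as the `- ffi = true` / `+ ffi = false` lines under `[profile.default]`.
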
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

testPwned: ffi enabled for test

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
