In the test file VotingBoothTest.t.sol there is a function testPwned that performs an operation unrelated to smart contract testing. This function creates a file on the caller's machine without the user noticing.
In VotingBoothTest.t.sol, the protocol team wrote unit tests to check whether the code in VotingBooth works as intended. The file also contains a function, testPwned, that has nothing to do with unit testing: it executes code that can do arbitrary things, and the user may not even realize it.
Also, in the file foundry.toml you'll notice ffi = true, which enables running arbitrary shell commands from tests. When all tests are executed with the foundry command forge test, the malicious code in the test file is executed as well. In the example in VotingBoothTest.t.sol the malicious code creates a file named youve-been-pwned-remember-to-turn-off-ffi!, but through this function a malicious user can do anything; it is a phishing technique to gain entry to the user's machine and access their data. Whoever controls the test can trick you into running any command on your computer.
The malicious function VotingBoothTest: testPwned can be used to drain the caller's funds or steal sensitive data from the caller's machine.
Manual Review
Everyone should check the code before running it. The ffi option should also be disabled in foundry.toml.
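As an added pre-flight check (not part of this finding or of the VotingBooth project), the following POSIX shell function scans a Foundry project for ffi = true in foundry.toml and for calls to the ffi cheatcode in any Solidity file, so that such tests can be inspected before forge test runs them. The project root path and the presence of foundry.toml are assumptions.

```shell
#!/bin/sh
# Added reviewer check (constructed for this write-up, not project code):
# returns 0 if the project looks FFI-free, 1 if anything needs review.
# Argument: path to the project root (assumed to contain foundry.toml).
check_ffi() {
    root="$1"
    findings=0

    # 1. foundry.toml: any profile that sets ffi = true
    if [ -f "$root/foundry.toml" ] \
       && grep -Eq '^[[:space:]]*ffi[[:space:]]*=[[:space:]]*true' "$root/foundry.toml"; then
        echo "foundry.toml enables ffi; set it to false or remove the line" >&2
        findings=$((findings + 1))
    fi

    # 2. Solidity sources: any call to the ffi cheatcode (vm.ffi, cheats.ffi, ...)
    #    /dev/null is passed so grep always prints the file name.
    ffi_calls=$(find "$root" -name '*.sol' \
        -exec grep -En '\.ffi[[:space:]]*\(' /dev/null {} + 2>/dev/null)
    if [ -n "$ffi_calls" ]; then
        echo "ffi cheatcode calls found; review each before running tests:" >&2
        echo "$ffi_calls" >&2
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as check_ffi . && forge test from the project root; the forge test --ffi flag and the FOUNDRY_FFI environment variable re-enable ffi regardless of foundry.toml, so leave both unset.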