The test script imports ffi via CheatCodes.t.sol to run arbitrary code.
ffi (Foreign Function Interface) is often used in testing environments like Foundry to allow smart contracts to interact with system-level operations or external data that are not typically accessible within the Ethereum Virtual Machine (EVM).
ffi can allow reading files, making HTTP requests, or executing system commands during tests. It should not be available in a production or mainnet environment due to security and decentralization concerns.
visual review
ffi can be useful for simulating various conditions and states that would be hard or impossible to replicate on mainnet.
However, it is not suitable for deployment in a production environment.
Ensure that production contracts do not include or rely on this testing feature.
Set ffi = false in foundry.toml (line 10).
Remove the CheatCodes.t.sol file in /test/mocks/.
Remove the import {_CheatCodes} from "./mocks/CheatCodes.t.sol"; statement from VotingBoothTest.t.sol in /test/.
Remove _CheatCodes cheatCodes = _CheatCodes(HEVM_ADDRESS); (line 18 of VotingBoothTest.t.sol in /test/).
Remove the testPwned() function (lines 88-93 of VotingBoothTest.t.sol in /test/).
Remove the file 'youve-been-pwned-remember-to-turn-off-ffi!' in the project root if it exists.
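
A check that the remediation steps above have been applied, suitable for running in CI before a merge. This is an added example, not part of the original finding or the project's own code; the function name check_ffi_off and the choice to scan src/ and test/ are assumptions.

```shell
#!/bin/sh
# Added example: fail if a Foundry project still has ffi enabled or referenced.
# check_ffi_off is a hypothetical name; file names follow the finding above.

check_ffi_off() {
    root="${1:-.}"
    status=0

    # 1. foundry.toml must not set ffi = true (text after '#' is a comment).
    if [ -f "$root/foundry.toml" ] &&
       sed 's/#.*//' "$root/foundry.toml" |
       grep -Eq '^[[:space:]]*ffi[[:space:]]*=[[:space:]]*true'; then
        echo "FAIL: ffi = true in $root/foundry.toml"
        status=1
    fi

    # 2. No Solidity file may declare or call the ffi cheatcode.
    for dir in src test; do
        [ -d "$root/$dir" ] || continue
        hits=$(find "$root/$dir" -name '*.sol' -exec \
            grep -HnE '(\.|function[[:space:]]+)ffi[[:space:]]*\(' {} + || true)
        if [ -n "$hits" ]; then
            echo "FAIL: ffi cheatcode referenced under $dir/:"
            echo "$hits"
            status=1
        fi
    done

    # 3. The marker file written by the proof-of-concept test must be gone.
    if [ -e "$root/youve-been-pwned-remember-to-turn-off-ffi!" ]; then
        echo "FAIL: marker file present in project root"
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: ffi is neither enabled nor referenced"
    fi
    return "$status"
}
```

Call it as check_ffi_off /path/to/project; a non-zero return means at least one of the three conditions still holds.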