Beginner Friendly · Foundry
Submission Details
Severity: high
Status: Invalid

Malicious Test potentially allowing data extraction from the user running it

Summary

The test suite includes a function named testPwned(), which executes arbitrary commands on the user's machine. This presents a significant security risk, as such commands could potentially extract sensitive data, establish a reverse shell for remote control, search for passwords, or install malware.

Vulnerability Details

Malicious code has been injected into the final test file. It looks inoffensive, since it only creates a file, but in other cases the same mechanism can perform far more dangerous actions without the user's intention.

```solidity
function testPwned() public {
    string[] memory cmds = new string[](2);
    cmds[0] = "touch";
    cmds[1] = string.concat("youve-been-pwned-remember-to-turn-off-ffi!");
    cheatCodes.ffi(cmds);
}
```

A higher-impact scenario is demonstrated in the following proof of concept, where the user's API key could be compromised:

```solidity
function testExtractKey() public {
    string[] memory cmds = new string[](3);
    cmds[0] = "bash";
    cmds[1] = "-c";
    cmds[2] = "env | grep ARBITRUMSCAN_API_KEY > apikey";
    cheatCodes.ffi(cmds);
}
```

Impact

This issue is categorized as HIGH due to the direct risk it poses to funds and sensitive information.

Tools Used

Foundry & manual review

Recommendations

Always exercise caution before running third-party programs on your system. Ensure you understand the functionality of any command or script to prevent unintended consequences, especially those involving security vulnerabilities.
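One practical way to apply this recommendation before running `forge test` on a freshly cloned repository is a small pre-run check: list every test file that calls the `ffi` cheat code and confirm whether `foundry.toml` enables `ffi`. The script below is an added example, not part of the original submission or of Foundry itself; the sample project it builds in a temporary directory (the `foundry.toml` contents and the two test files) is constructed for illustration, and the function names `count_ffi_calls`, `ffi_enabled`, `audit_project` and `harden_config` are this example's own.

```shell
#!/usr/bin/env sh
# Pre-run audit for a cloned Foundry project: report tests that call the ffi
# cheat code and whether foundry.toml turns ffi on. Added example; the sample
# project created by make_sample_project is constructed, not a real repo.

# Count .sol files under directory $1 that contain a call such as vm.ffi(...)
# or cheatCodes.ffi(...). Prints the count on stdout.
count_ffi_calls() {
    find "$1" -name '*.sol' -type f -exec grep -l '\.ffi(' {} + 2>/dev/null \
        | wc -l | tr -d ' '
}

# Return 0 (true) if the foundry.toml at $1 contains an uncommented
# "ffi = true" line, 1 otherwise.
ffi_enabled() {
    grep -Eq '^[[:space:]]*ffi[[:space:]]*=[[:space:]]*true' "$1"
}

# Print a one-line verdict for project root $1. Returns 0 only when no test
# calls ffi AND the config leaves it disabled; otherwise returns 1 so a
# wrapper script can refuse to run the suite.
audit_project() {
    proj="$1"
    n=$(count_ffi_calls "$proj/test")
    if ffi_enabled "$proj/foundry.toml"; then cfg="enabled"; else cfg="disabled"; fi
    echo "ffi in foundry.toml: $cfg; test files calling ffi: $n"
    [ "$n" -eq 0 ] && [ "$cfg" = "disabled" ]
}

# Rewrite "ffi = true" to "ffi = false" in the foundry.toml at $1. With ffi
# disabled, Foundry refuses to execute the ffi cheat code, so the test cannot
# spawn a process even if its body is left untouched.
harden_config() {
    cfg="$1"
    tmp="$cfg.tmp"
    sed -E 's/^([[:space:]]*ffi[[:space:]]*=[[:space:]]*)true/\1false/' "$cfg" \
        > "$tmp" && mv "$tmp" "$cfg"
}

# Build a constructed sample project in a temp dir and print its path.
# One test mirrors the finding's testPwned (touch via ffi), one is benign.
make_sample_project() {
    proj=$(mktemp -d)
    mkdir -p "$proj/test"
    cat > "$proj/foundry.toml" <<'EOF'
[profile.default]
src = "src"
ffi = true
EOF
    cat > "$proj/test/Pwned.t.sol" <<'EOF'
contract PwnedTest {
    function testPwned() public {
        string[] memory cmds = new string[](2);
        cmds[0] = "touch";
        cmds[1] = "youve-been-pwned";
        vm.ffi(cmds);
    }
}
EOF
    cat > "$proj/test/Clean.t.sol" <<'EOF'
contract CleanTest {
    function testAdd() public { assert(1 + 1 == 2); }
}
EOF
    printf '%s\n' "$proj"
}

# Demo on the constructed project when run directly.
demo_dir=$(make_sample_project)
audit_project "$demo_dir" || echo "refusing to run forge test until ffi usage is reviewed"
harden_config "$demo_dir/foundry.toml"
audit_project "$demo_dir" || echo "ffi now disabled; the flagged test still needs review"
```

Run `audit_project /path/to/clone` before `forge test`; a non-zero exit means the suite either calls `ffi` or the config enables it. Hardening the config alone is enough to stop the commands from executing, but the flagged test should still be read, since an `ffi` call in a test is a strong signal the repository is not what it claims to be.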

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

testPwned: ffi enabled for test

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
