The test suite contains a test function called testPwned that uses Foundry's FFI (Foreign Function Interface) to run arbitrary commands on the machine of whoever executes the tests. This is a substantial security threat: such commands can read confidential files, open a reverse shell for remote control, search the host for passwords and private keys, or install malware.
This particular test, named testPwned, exhibits malicious behaviour despite its seemingly harmless action of creating a file called youve-been-pwned-remember-to-turn-off-ffi!. There is no legitimate reason for this test to exist, since nothing in the project under test depends on it; its only function is to run host commands.
The proof of concept below demonstrates how this kind of test can open a reverse shell, granting an attacker full control over the user's machine.
This issue is classified as high severity because it directly threatens anyone who runs the test suite, auditors and developers alike.
Even if the test was written as a reminder about the dangers of FFI, its current implementation is harmful: it executes host commands on every machine that runs the suite, and the command it runs can be changed to anything. We must therefore assume the intended purpose of this functionality is harmful.
It can lead to data breaches, including the exposure of private keys and passwords, to unauthorized remote code execution, and to the destruction of the host system.
FFI is not needed in this project; disable it in foundry.toml:
Before running forge test, or any third-party program, make sure you trust its source and, where possible, verify that the necessary security measures are in place. For Foundry specifically, confirm that FFI (Foreign Function Interface) is disabled before executing any command: FFI is off by default and is enabled by ffi = true in foundry.toml or by the --ffi flag. If enabling FFI is genuinely necessary, review every command the tests will execute through it before running them.
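The following script is an added example, not code from the original finding or from the project under review. It shows the pre-flight check described above: it constructs a small sample Foundry project (a foundry.toml with the weak setting ffi = true and a test that calls vm.ffi to create the file named in this report), flags both, and then rewrites the config to the hardened ffi = false. The sample project, the function names and the file layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the project's own code): audit a Foundry checkout for FFI
# exposure before running `forge test`.
#   ffi_enabled FILE        exit 0 if a [profile.*] section of FILE sets ffi = true
#   find_ffi_calls DIR      print *.sol files under DIR that call vm.ffi(
#   harden_foundry_toml FILE rewrite ffi = true to ffi = false in FILE
#   make_sample_project     build a constructed sample project, print its path
set -eu

ffi_enabled() {
  # Foundry reads `ffi` from the active profile section of foundry.toml.
  awk '
    /^[[:space:]]*\[/ { in_profile = ($0 ~ /^[[:space:]]*\[profile\./) }
    in_profile && /^[[:space:]]*ffi[[:space:]]*=[[:space:]]*true/ { found = 1 }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

find_ffi_calls() {
  # Any test that invokes the vm.ffi cheatcode can run host commands.
  grep -rl 'vm\.ffi(' "$1" 2>/dev/null || true
}

harden_foundry_toml() {
  # Replace ffi = true with ffi = false without relying on non-portable sed -i.
  tmp=$(mktemp)
  sed 's/^\([[:space:]]*ffi[[:space:]]*=[[:space:]]*\)true/\1false/' "$1" > "$tmp"
  mv "$tmp" "$1"
}

make_sample_project() {
  # Constructed sample: the weak config beside a test like the one reported.
  dir=$(mktemp -d)
  mkdir -p "$dir/test"
  cat > "$dir/foundry.toml" <<'EOF'
[profile.default]
src = "src"
out = "out"
ffi = true
EOF
  cat > "$dir/test/Pwned.t.sol" <<'EOF'
// SPDX-License-Identifier: MIT
// constructed sample test: creates a file on the host through vm.ffi
pragma solidity ^0.8.0;
import "forge-std/Test.sol";
contract PwnedTest is Test {
    function testPwned() public {
        string[] memory cmd = new string[](2);
        cmd[0] = "touch";
        cmd[1] = "youve-been-pwned-remember-to-turn-off-ffi!";
        vm.ffi(cmd);
    }
}
EOF
  printf '%s\n' "$dir"
}

# Stand-alone demonstration on the constructed project.
project=$(make_sample_project)
if ffi_enabled "$project/foundry.toml"; then
  echo "WARNING: ffi = true in $project/foundry.toml"
fi
for f in $(find_ffi_calls "$project/test"); do
  echo "WARNING: vm.ffi call in $f"
done
harden_foundry_toml "$project/foundry.toml"
if ! ffi_enabled "$project/foundry.toml"; then
  echo "ffi disabled in $project/foundry.toml"
fi
rm -rf "$project"
```

Run it from the root of a checkout with ffi_enabled ./foundry.toml and find_ffi_calls ./test before forge test. The config check only covers foundry.toml; a --ffi flag on the forge test command line still enables FFI, so inspect the command you are about to run as well.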