First Flight #9: Soulmate

First Flight #9

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Sanity checks missing from `writeMessageInSharedSpace`, allowing unlimited messages and prev messages are overriten

0xtheblackpanther

Summary

The Soulmate contains potential vulnerabilities related to the handling of messages in the shared space. Two main issues have been identified: the lack of persistence for message history and the absence of limits on the number of messages a user can write.

Vulnerability Details

The current implementation overwrites the existing message in the shared space on each new request, resulting in a lack of message history.

Also, there is no restriction on the number of messages a user can write in the shared space, potentially leading to abuse and spam.

Impact

Lack of Message Persistence:
- Severity: Moderate
- Consequence: Users may lose access to or reference previous messages, limiting the collaborative and interactive features of the shared space.
Unlimited Message Writing:
- Severity: Moderate
- Consequence: Malicious users could flood the shared space with an unlimited number of messages, impacting usability and readability.

POC

Run the below test via cmd forge test --match-test testWriteMessageInSharedSpaceUnlimited -vvvv

function testWriteMessageInSharedSpaceUnlimited() public {

vm.prank(soulmate1);

// can create unlimited messages, e.g change the `10` to `999999`

for(uint256 i = 0; i < 10; ++i ) {

soulmateContract.writeMessageInSharedSpace("Hello");

}

soulmateContract.writeMessageInSharedSpace("Hello last message over ritten");

vm.prank(soulmate2);

string memory message = soulmateContract.readMessageInSharedSpace();

console2.log(soulmateContract.ownerToId(soulmate2));

console2.log(message);

}

Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 16.39ms

Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)

Recommendations

Message History Preservation:
- Recommendation: Modify the writeMessageInSharedSpace function to append new messages to the existing content in the shared space, allowing for the preservation of message history.
- Example:
  function writeMessageInSharedSpace(string calldata message) external {
  uint256 id = ownerToId[msg.sender];
  sharedSpace[id] = string.concat(sharedSpace[id], " ", message); // Append message instead of overwriting
  emit MessageWrittenInSharedSpace(id, message);
  }
Limit on Message Writing:
- Recommendation: Implement limitations on the frequency or volume of messages a user can write in the shared space to prevent abuse and maintain a manageable shared space.
- Example:
  modifier limitMessageWriting() {
  // Implement logic to check and limit the frequency or volume of messages
  _;
  }
  
  function writeMessageInSharedSpace(string calldata message) external limitMessageWriting {
  uint256 id = ownerToId[msg.sender];
  sharedSpace[id] = string.concat(sharedSpace[id], " ", message);
  emit MessageWrittenInSharedSpace(id, message);
  }

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

233

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.