Submission Details
Severity: high
Invalid

Sanity checks missing from `writeMessageInSharedSpace`, allowing unlimited messages and overwriting of previous messages

Summary

The Soulmate contract contains potential vulnerabilities related to the handling of messages in the shared space. Two main issues have been identified: the lack of persistence for message history and the absence of limits on the number of messages a user can write.

Vulnerability Details

The current implementation overwrites the existing message in the shared space on each new request, resulting in a lack of message history.

Also, there is no restriction on the number of messages a user can write in the shared space, potentially leading to abuse and spam.

Impact

  1. Lack of Message Persistence:

    • Severity: Moderate

    • Consequence: Users may lose access to or reference previous messages, limiting the collaborative and interactive features of the shared space.

  2. Unlimited Message Writing:

    • Severity: Moderate

    • Consequence: Malicious users could flood the shared space with an unlimited number of messages, impacting usability and readability.

POC

  • Run the test below with `forge test --match-test testWriteMessageInSharedSpaceUnlimited -vvvv`:

      function testWriteMessageInSharedSpaceUnlimited() public {
          // vm.prank only applies to the next call, so startPrank is used to
          // keep soulmate1 as the caller for every write in the loop.
          vm.startPrank(soulmate1);
          // can create unlimited messages, e.g. change the `10` to `999999`
          for (uint256 i = 0; i < 10; ++i) {
              soulmateContract.writeMessageInSharedSpace("Hello");
          }
          soulmateContract.writeMessageInSharedSpace("Hello last message overwritten");
          vm.stopPrank();

          // soulmate2 reads the shared space: only the last message is left
          vm.prank(soulmate2);
          string memory message = soulmateContract.readMessageInSharedSpace();
          console2.log(soulmateContract.ownerToId(soulmate2));
          console2.log(message);
      }

  • Result:

      Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 16.39ms
      Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)

Recommendations

  1. Message History Preservation:

    • Recommendation: Modify the writeMessageInSharedSpace function to append new messages to the existing content in the shared space, allowing for the preservation of message history.

    • Example:

      function writeMessageInSharedSpace(string calldata message) external {
          uint256 id = ownerToId[msg.sender];
          sharedSpace[id] = string.concat(sharedSpace[id], " ", message); // Append message instead of overwriting
          emit MessageWrittenInSharedSpace(id, message);
      }

  2. Limit on Message Writing:

    • Recommendation: Implement limitations on the frequency or volume of messages a user can write in the shared space to prevent abuse and maintain a manageable shared space.

    • Example:

      modifier limitMessageWriting() {
          // Implement logic to check and limit the frequency or volume of messages
          _;
      }

      function writeMessageInSharedSpace(string calldata message) external limitMessageWriting {
          uint256 id = ownerToId[msg.sender];
          sharedSpace[id] = string.concat(sharedSpace[id], " ", message);
          emit MessageWrittenInSharedSpace(id, message);
      }
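
A bounded variant of the two recommendations, added here as an example and not the Soulmate project's code. Appending with `string.concat` makes the stored string grow on every write, so this sketch keeps a fixed-size ring buffer of recent messages and adds a length cap and a per-address cooldown. The contract name, the constants, the constructor and the convention that id 0 means "not a soulmate" are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.23;

// Illustrative sketch only. MAX_LEN, HISTORY, COOLDOWN, the constructor and
// the "id 0 = unregistered" rule are assumptions, not Soulmate's design.
contract SharedSpaceSketch {
    uint256 public constant MAX_LEN = 280; // max bytes per message
    uint256 public constant HISTORY = 8; // messages retained per couple
    uint256 public constant COOLDOWN = 1 minutes; // min gap between writes

    mapping(address => uint256) public ownerToId;
    mapping(uint256 => string[HISTORY]) private history; // ring buffer per id
    mapping(uint256 => uint256) public written; // total writes per id
    mapping(address => uint256) public lastWrite; // last write time per caller

    event MessageWrittenInSharedSpace(uint256 indexed id, string message);

    error NotSoulmate();
    error MessageTooLong(uint256 length);
    error TooSoon(uint256 retryAt);

    // Stand-in for minting: binds one couple to id 1.
    constructor(address a, address b) {
        ownerToId[a] = 1;
        ownerToId[b] = 1;
    }

    function writeMessageInSharedSpace(string calldata message) external {
        uint256 id = ownerToId[msg.sender];
        if (id == 0) revert NotSoulmate();
        uint256 len = bytes(message).length;
        if (len > MAX_LEN) revert MessageTooLong(len);
        uint256 last = lastWrite[msg.sender];
        if (last != 0 && block.timestamp < last + COOLDOWN) revert TooSoon(last + COOLDOWN);

        lastWrite[msg.sender] = block.timestamp;
        history[id][written[id] % HISTORY] = message; // replaces only the oldest slot
        written[id] += 1;
        emit MessageWrittenInSharedSpace(id, message);
    }

    // i = 0 returns the newest message, i = 1 the one before it, and so on.
    function readMessageInSharedSpace(uint256 i) external view returns (string memory) {
        uint256 id = ownerToId[msg.sender];
        uint256 n = written[id];
        require(id != 0 && i < HISTORY && i < n, "no such message");
        return history[id][(n - 1 - i) % HISTORY];
    }
}
```

Storage per couple is capped at `HISTORY * MAX_LEN` bytes of message data; older messages remain recoverable off-chain from the `MessageWrittenInSharedSpace` event log.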
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
