Moonwell

DeFi, Foundry
15,000 USDC
Submission Details
Severity: medium
Invalid

JSON file encoding can return empty string value

Summary

Reading and encoding a JSON file from a file path can be risky if the file is compromised or empty.

Vulnerability Details

If the JSON file is empty, even though the path to it is correct, the encoding returns an empty string, which can lead to issues afterwards. mip-m17.sol is a contract that provides extra security for the deployment of the proposal, so an extra check that the file is not empty would be very useful. Consider a correct file path whose JSON file has no content: the result is the encoding of an empty string, which breaks the rest of the implementation.

Impact

I consider this medium severity, because the likelihood of it occurring is low; however, the whole file is designed to be extra safe, so it might be helpful to check that condition too, because if it happens, it can have a negative outcome.

Tools Used

Foundry test

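function testReadEmptyJson() public {
    // The path is valid; the file at that path is assumed to be empty for this test.
    string memory debtorsRaw = string(
        abi.encodePacked(
            vm.readFile("./src/proposals/mips/mip-m17/mFRAX.json")
        )
    );
    // Logs an empty string when the file has no content.
    console.log("Emptystring", debtorsRaw);
}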

As also seen here: https://github.com/Cyfrin/2024-03-Moonwell/blob/e57b8551a92824d35d4490f5e7f27c373be172bd/src/proposals/mips/mip-m17/mip-m17.sol#L127

and

https://github.com/Cyfrin/2024-03-Moonwell/blob/e57b8551a92824d35d4490f5e7f27c373be172bd/src/proposals/mips/mip-m17/mip-m17.sol#L238

Recommendations

Require the encoded string to be non-empty.
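One way to express the recommended check as a Foundry test contract. This is an added example, not code from the submission or from Moonwell; the contract name, the function names and the scratch file paths are hypothetical, and it assumes foundry.toml grants read-write fs_permissions for those paths. It goes slightly beyond the recommendation by also rejecting files that contain only whitespace.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

// Added example, not Moonwell code; all names and paths below are hypothetical.
contract NonEmptyJsonFileTest is Test {
    /// Reads `path` the same way the submission's test does and reverts
    /// unless the content holds at least one non-whitespace byte.
    function readNonEmptyFile(string memory path) public returns (string memory raw) {
        raw = string(abi.encodePacked(vm.readFile(path)));
        bytes memory data = bytes(raw);
        bool hasContent;
        for (uint256 i = 0; i < data.length; i++) {
            bytes1 c = data[i];
            // Skip space, tab, LF and CR: a file of only these carries no JSON.
            if (c != 0x20 && c != 0x09 && c != 0x0a && c != 0x0d) {
                hasContent = true;
                break;
            }
        }
        require(hasContent, "JSON file is empty");
    }

    // Each test writes its own constructed scratch file so tests do not share state.
    function testEmptyFileIsRejected() public {
        string memory path = "./scratch-empty.json";
        vm.writeFile(path, "");
        vm.expectRevert(bytes("JSON file is empty"));
        this.readNonEmptyFile(path); // external call so expectRevert applies
    }

    function testWhitespaceOnlyFileIsRejected() public {
        string memory path = "./scratch-whitespace.json";
        vm.writeFile(path, " \n\t");
        vm.expectRevert(bytes("JSON file is empty"));
        this.readNonEmptyFile(path);
    }

    function testPopulatedFileIsReturned() public {
        string memory path = "./scratch-populated.json";
        vm.writeFile(path, '[{"id":1}]'); // constructed sample content
        assertEq(this.readNonEmptyFile(path), '[{"id":1}]');
    }
}
```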

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
