First Flight #13: Baba Marta

First Flight #13

Beginner FriendlyFoundryGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

`MartenitsaToken::createMartenitsa` design @param is not properly checked, producer can create a martenitsa token with an empty string as design or with design without any meaning

vesper

Summary

In MartenitsaToken::createMartenitsa design @param is not properly checked, so a producer can create a martenitsa token with a whitespace as design (It holds a specific ASCII value which is 32) or with a design without any meaning.

Vulnerability Details

The require control structure (L37 of MartenitsaToken.sol) does not correctly control the "Design" input parameter.

function testCreateMartenitsaCalledWithDesignEqualZero() public {

vm.prank(jack);

vm.expectRevert();

martenitsaToken.createMartenitsa(" ");

}

require(bytes(design).length > 0, "Design cannot be empty");

Impact

Martenitsa token can be created with an empty string as design or with a design without any meaning.

Tools Used

Manuel review

Recommendations

Create a custom error based on your check DesignToBytes == 0 and DesignToBytes is checks against the hexadecimal values of common whitespace characters:

0x20 - Space
0x5f - Horizontal Tab

So whitespace and horizontal tab won't be accepted as design character but you can add more design rules in the if statement if you decide to authorize only some specific design.

// Custom errors

error MartenitsaToken__DesignLengthIsEmpty();

error MartenistsaToken__IsAWhitespace();

/**

* @notice Function to create a new martenitsa. Only producers can call the function.

* @param design The type (bracelet, necklace, Pizho and Penda and other) of martenitsa.

function createMartenitsa(string memory design) external {

require(isProducer[msg.sender], "You are not a producer!");

bytes memory designToBytes = bytes(design);

if (designToBytes.length == 0) {

revert MartenitsaToken__DesignLengthIsEmpty(); // Consider an empty string as not only whitespace

}

for (uint256 i = 0; i < designToBytes.length; i++) {

if (designToBytes[i] == 0x20 || designToBytes[i] == 0x5f) {

revert MartenistsaToken__IsAWhitespace();

}

uint256 tokenId = _nextTokenId++;

tokenDesigns[tokenId] = design;

countMartenitsaTokensOwner[msg.sender] += 1;

emit Created(msg.sender, tokenId, design);

_safeMint(msg.sender, tokenId);

}

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Empty string as design

Rewards breakdown

nSLOC

239

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.