Beginner Friendly / Foundry / GameFi
Submission Details
Severity: low
Valid

`MartenitsaToken::createMartenitsa` does not properly check the `design` parameter, so a producer can create a martenitsa token with an empty string as design or with a design without any meaning

Summary

In MartenitsaToken::createMartenitsa the `design` parameter is not properly checked, so a producer can create a martenitsa token whose design is a single whitespace character (a space is a non-empty string; its ASCII value is 32) or a design without any meaning.

Vulnerability Details

The require statement (L37 of MartenitsaToken.sol) does not correctly validate the "design" input parameter: it only rejects a zero-length string, so a string made of whitespace passes.

The Foundry test below expects createMartenitsa(" ") to revert; against the current contract the call succeeds, so the test fails and demonstrates that a whitespace-only design is accepted (jack is assumed to be a registered producer):

    function testCreateMartenitsaCalledWithDesignEqualZero() public {
        vm.prank(jack);
        vm.expectRevert(); // fails: the call below does not revert
        martenitsaToken.createMartenitsa(" ");
    }

The existing check in createMartenitsa:

    require(bytes(design).length > 0, "Design cannot be empty");

Impact

A martenitsa token can be created with an empty string as design or with a design without any meaning.

Tools Used

Manual review

Recommendations

Revert with a custom error when designToBytes.length == 0, and additionally check each byte of designToBytes against the hexadecimal values of common whitespace characters:

  1. 0x20 - Space

  2. 0x09 - Horizontal Tab (the submission listed 0x5f, which is actually the ASCII underscore character '_')

So a space and a horizontal tab won't be accepted as design characters, but you can add more design rules to the if statement if you decide to authorize only some specific designs.

    // Custom errors
    error MartenitsaToken__DesignLengthIsEmpty();
    error MartenitsaToken__IsAWhitespace();

    /**
     * @notice Function to create a new martenitsa. Only producers can call the function.
     * @param design The type (bracelet, necklace, Pizho and Penda and other) of martenitsa.
     */
    function createMartenitsa(string memory design) external {
        require(isProducer[msg.sender], "You are not a producer!");
        bytes memory designToBytes = bytes(design);
        if (designToBytes.length == 0) {
            revert MartenitsaToken__DesignLengthIsEmpty(); // empty string is a separate case from whitespace
        }
        for (uint256 i = 0; i < designToBytes.length; i++) {
            // 0x20 = space, 0x09 = horizontal tab (the submission used 0x5f, which is '_')
            if (designToBytes[i] == 0x20 || designToBytes[i] == 0x09) {
                revert MartenitsaToken__IsAWhitespace();
            }
        }
        // Caveat: this loop rejects any design containing a space, including multi-word
        // names such as "Pizho and Penda" from the natspec above; if those must remain
        // valid, reject only designs that consist entirely of whitespace instead.
        uint256 tokenId = _nextTokenId++;
        tokenDesigns[tokenId] = design;
        countMartenitsaTokensOwner[msg.sender] += 1;
        emit Created(msg.sender, tokenId, design);
        _safeMint(msg.sender, tokenId);
    }
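A refinement of the check above, as an added example that is not code from the submission or the project: it rejects empty and whitespace-only designs (space, tab, newline, carriage return) with the two custom errors, but still accepts multi-word designs such as "Pizho and Penda" from the natspec. The library, harness and test names are assumed; it runs under Foundry with `forge test`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added example: a design is valid only if it has at least one non-whitespace byte.
library DesignCheck {
    error MartenitsaToken__DesignLengthIsEmpty();
    error MartenitsaToken__IsAWhitespace();

    function isWhitespace(bytes1 c) internal pure returns (bool) {
        return c == 0x20 || c == 0x09 || c == 0x0a || c == 0x0d;
    }

    // Distinct custom error for the empty and the all-whitespace case.
    function validate(string memory design) internal pure {
        bytes memory b = bytes(design);
        if (b.length == 0) revert MartenitsaToken__DesignLengthIsEmpty();
        for (uint256 i = 0; i < b.length; i++) {
            if (!isWhitespace(b[i])) return; // found a meaningful byte
        }
        revert MartenitsaToken__IsAWhitespace();
    }
}

// Thin wrapper so vm.expectRevert can target an external call.
contract DesignCheckHarness {
    function validate(string memory design) external pure {
        DesignCheck.validate(design);
    }
}

contract DesignCheckTest is Test {
    DesignCheckHarness harness;

    function setUp() public {
        harness = new DesignCheckHarness();
    }

    function testRejectsEmptyAndWhitespaceOnly() public {
        vm.expectRevert(DesignCheck.MartenitsaToken__DesignLengthIsEmpty.selector);
        harness.validate("");
        vm.expectRevert(DesignCheck.MartenitsaToken__IsAWhitespace.selector);
        harness.validate(" ");
        vm.expectRevert(DesignCheck.MartenitsaToken__IsAWhitespace.selector);
        harness.validate(" \t\r\n");
    }

    function testAcceptsMeaningfulDesigns() public view {
        harness.validate("Pizho and Penda"); // contains spaces but is not whitespace-only
        harness.validate("bracelet");
    }
}
```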
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Empty string as design
