First Flight #13: Baba Marta

First Flight #13

Beginner FriendlyFoundryGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

`MartenitsaToken::createMartenitsa` function doesn't have a whitespaces check which allows Martenitsa design to be visually empty string causing discrepancies for potential buyers

codexbugmenot

Summary

MartenitsaToken::createMartenitsa function has a require statement require(bytes(design).length > 0, "Design cannot be empty"); but it can be by passing by using whitespaces i.e " "
which is 0x20 in hex and technically not empty but visually empty string i.e a string of spaces.

Impact

Any malicious user can create two strings with design strings as

" " (single whitespace) - low price
" " (double whitespaces) - high price

The strings appear to be same but they aren't (in hex one is "0x20" and other is "0x2020").

Any user who wants to buy this "empty" design martenitsa can be baited to buy the high price one by the malicious user as it is visually of similar design to the low price one

Proof of Concept

Note: Please Import {console} in MartenitsaToken.t.sol by adding import {console} from "forge-std/Test.sol"; at the top for the PoC's to work effortlessly

The User can create a martenitsa with single or multiple whitespaces

PoC: Create Martenitsa Empty String

function testCreateMartenitsaEmptyString() public {

vm.prank(chasy);

martenitsaToken.createMartenitsa(" ");

vm.prank(chasy);

martenitsaToken.createMartenitsa(" ");

string memory str0 = martenitsaToken.tokenDesigns(0);

string memory str1 = martenitsaToken.tokenDesigns(1);

console.logBytes(bytes(str0));

console.logBytes(bytes(str1));

}

Recommendations

Whitespaces check should be added to MartenitsaToken::createMartenitsa function to prevent design being visually empty string.In the MartenitsaToken::createMartenitsa function after the second require statement add the following piece of code:

+ bytes memory a = bytes(design);

+ bytes1 b = " ";

+ uint256 whitespaces;

+ for (uint8 i = 0; i < a.length; i++) {

+ if (a[i] != b) {

+ break;

+ } else {

+ whitespaces++;

+ }

+ require(whitespaces != a.length, "Name is just an Empty String with Empty Spaces,Change it");

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Empty string as design

Rewards breakdown

nSLOC

239

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.