Submission Details
Severity: low
Invalid

Malicious code in MerkleAirdropTest.t.sol

Summary

The testPwned() function in MerkleAirdropTest.t.sol attempts to execute malicious code on the machines of people who run the test.

Vulnerability Details

function testPwned() public {
    string[] memory cmds = new string[](2);
    cmds[0] = "touch";
    cmds[1] = string.concat("youve-been-pwned");
    cheatCodes.ffi(cmds);
}
This seems to be malicious code.

Impact

Allows the attacker to run malicious code

Tools Used

Manual Review

Recommendations

Remove this test function

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

ffi
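
A pre-run check for the pattern this submission reports, added here as an example (not code from the contest repository or the submitter): it lists ffi cheatcode calls in a Solidity test source and the foundry.toml sections that set ffi = true, the setting that allows such calls to spawn processes. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (assumptions for this example, not repository files).
SAMPLE_TEST = '''
contract MerkleAirdropTest is Test {
    // cheatCodes.ffi(cmds);  <- commented out, must not be reported
    function testPwned() public {
        string[] memory cmds = new string[](2);
        cmds[0] = "touch";
        cmds[1] = string.concat("youve-been-pwned");
        cheatCodes.ffi(cmds);
    }
}
'''
SAMPLE_TOML = '''
[profile.default]
src = "src"
ffi = true   # lets tests spawn processes
[profile.ci]
ffi = false
'''

FFI_CALL = re.compile(r"\.\s*ffi\s*\(")
# Heuristic: a "//" inside a string literal is also treated as a comment.
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def find_ffi_calls(source):
    """Return (line_number, text) for each ffi cheatcode call outside comments."""
    # Blank out comments but keep newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    lines = source.split("\n")
    return [(n, lines[n - 1].strip())
            for n, text in enumerate(code.split("\n"), 1) if FFI_CALL.search(text)]

def profiles_with_ffi(toml_text):
    """Return the foundry.toml sections that set ffi = true."""
    section, enabled = "", []
    for raw in toml_text.split("\n"):
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif re.fullmatch(r"ffi\s*=\s*true", line):
            enabled.append(section)
    return enabled

if __name__ == "__main__":
    for n, text in find_ffi_calls(SAMPLE_TEST):
        print(f"ffi call at line {n}: {text}")
    print("ffi enabled in:", profiles_with_ffi(SAMPLE_TOML))
```

A hit from both functions means running the test suite can execute host commands; ffi can also be enabled per run with the --ffi flag, which this check does not see.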
