Function in testPwned() MerkleAirdropTest.t.sol attempts to execute malicious code on people who run the test
function testPwned() public {
string[] memory cmds = new string[](2);
cmds[0] = "touch";
cmds[1] = string.concat("youve-been-pwned");
cheatCodes.ffi(cmds);
}
Seems to be malicious code
Allows the attacker to run malicious code
Manual Review
Remove this test function
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.