A hidden enablement of foundry's FFI cheatcode allows the test script to run arbirtrary commands on the host machine.
The hiding of the ffi = true
foundry flag far down the foundry.toml file enables further obfuscated test code. ffi is mapped to a cheatcodes variable via a mock contract which allows ffi to be used within the test scripts. Multiple tests then use this to remove the ./lib directory and then "mock" the user with a creation of "You have been Cursed By Ravana" in filenames within the project.
This only removes foundry lib files which can be reinstalled, but this exposes the possibility that the hosts machine could have been compromised.
Never trust any code that comes from the outside, even from CodeHawks. Verify before running anything and/or run inside a safe virtual environment until you are sure that everything is good. Do not assume familiar tools or processes are what they purport to be.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.