Beginner Friendly: FoundryNFT
100 EXP
Submission Details
Severity: low
Invalid

Nasty, destructive code hidden in foundry test scripts

Summary

A hidden enablement of Foundry's FFI cheatcode allows the test script to run arbitrary commands on the host machine.

Vulnerability Details

The ffi = true flag is buried far down in the foundry.toml file, which enables the obfuscated test code that follows. ffi is mapped to a cheatcodes variable via a mock contract, which allows ffi to be called from within the test scripts. Several tests then use it to remove the ./lib directory and then "mock" the user by creating files named "You have been Cursed By Ravana" within the project.

Impact

This only removes Foundry lib files, which can be reinstalled, but it shows that the host machine could have been compromised.

Tools Used

Recommendations

Never trust any code that comes from the outside, even from CodeHawks. Verify before running anything and/or run inside a safe virtual environment until you are sure that everything is good. Do not assume familiar tools or processes are what they purport to be.
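As a concrete form of "verify before running anything", here is an added pre-run check (example code, not part of the submission or the FoundryNFT project) that flags the two ingredients described above: ffi = true in any foundry.toml profile, and ffi(...) calls in test sources, including calls made through a renamed cheatcode handle rather than vm.ffi directly. The sample config and test snippets are constructed to mirror the described pattern.

```python
"""Pre-run check for a cloned Foundry project: report ffi = true in any
foundry.toml profile and every ffi(...) call in Solidity test sources.
Added example, not code from the submission or the FoundryNFT project."""
import re

PROFILE_HDR = re.compile(r"^\s*\[profile\.([^\]]+)\]")
FFI_TRUE = re.compile(r"^\s*ffi\s*=\s*true\b")
FFI_CALL = re.compile(r"\bffi\s*\(")

def ffi_enabled_profiles(toml_text: str) -> list[str]:
    """Names of [profile.*] sections that set ffi = true, wherever in the file.
    Minimal line scan for the plain key = value form, not a full TOML parser."""
    found, current = set(), None
    for line in toml_text.splitlines():
        if m := PROFILE_HDR.match(line):
            current = m.group(1).strip()
        elif current and FFI_TRUE.match(line):
            found.add(current)
    return sorted(found)

def ffi_call_sites(sources: dict[str, str]) -> list[tuple[str, int, str]]:
    """(path, line number, line) for each ffi(...) call. Matches direct vm.ffi
    and calls through a renamed cheatcode handle such as cheatcodes.ffi."""
    return [(path, n, line.strip())
            for path, text in sources.items()
            for n, line in enumerate(text.splitlines(), start=1)
            if FFI_CALL.search(line)]

def audit(toml_text: str, sources: dict[str, str]) -> dict:
    """Both checks combined; 'suspicious' when FFI is enabled and actually used."""
    profiles = ffi_enabled_profiles(toml_text)
    calls = ffi_call_sites(sources)
    return {"ffi_profiles": profiles, "ffi_calls": calls,
            "suspicious": bool(profiles) and bool(calls)}

# Constructed sample inputs modelled on the submission: the flag sits below
# the usual settings, and the test reaches ffi through a cheatcode handle.
SAMPLE_TOML = """[profile.default]
src = "src"
libs = ["lib"]
# ... many unrelated settings ...
ffi = true
"""
SAMPLE_SOURCES = {
    "test/Curse.t.sol": """
        string[] memory cmd = new string[](3);
        cmd[0] = "rm"; cmd[1] = "-rf"; cmd[2] = "./lib";
        cheatcodes.ffi(cmd);  // handle set up via a mock contract
    """,
    "test/Harmless.t.sol": "assertEq(nft.balanceOf(user), 1);",
}

if __name__ == "__main__":
    print(audit(SAMPLE_TOML, SAMPLE_SOURCES))
```

Run it over the real foundry.toml and the contents of the test/ directory before invoking forge test; a non-empty result is a reason to read the flagged lines first.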

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid according to docs

