First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Dependencies for Normal Contract Functionality

10ap17

Summary

Within the contracts ramNFT and Dussehra there are import statements that reference OpenZeppelin contracts. However, the project does not include the OpenZeppelin library, resulting in compilation errors and deployment issues.

Vulnerability Details

The contracts ramNFT and Dussehra contain import statements that depend on OpenZeppelin contracts. Specifically, ramNFT imports ERC721URIStorage from @openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol, and Dussehra imports Address from @openzeppelin/contracts/utils/Address.sol. Since the project does not include the OpenZeppelin library, attempts to compile or deploy these contracts will fail due to missing dependencies.

Cause of the Issue

The cause of this issue is the reliance on external libraries without including them in the project. The contracts assume the presence of the OpenZeppelin library, leading to errors when attempting to compile or deploy without it.

Likelihood of Occurrence

Given the common practice of relying on external libraries for contract development, the likelihood of encountering such import statement errors is high. Developers inadvertently reference external dependencies without ensuring their availability within the project, leading to similar issues.

Impact

The improper import statements hinder the deployment and functionality of the contracts. Without the necessary dependencies from the OpenZeppelin library, successful compilation and deployment are not possible, rendering the contracts unusable.

Tools Used

  1. Manual Code Review

  2. Foundry

Proof of Concept

The PoC involves attempting to compile the project using forge compile. The command outputs the following error:

forge compile
[⠃] Compiling...2024-06-12T18:06:27.987174Z ERROR foundry_compilers::artifacts: error="/home/ap/2024-06-Dussehra/lib/openzeppelin-contracts/contracts/utils/Address.sol": No such file or directory (os error 2)
[⠊] Compiling...
Error:
failed to resolve file: "/home/ap/2024-06-Dussehra/lib/openzeppelin-contracts/contracts/utils/Address.sol": No such file or directory (os error 2); check configured remappings
--> /home/ap/2024-06-Dussehra/src/Dussehra.sol
@openzeppelin/contracts/utils/Address.sol

This error message indicates that the compiler cannot find the Address.sol file from the OpenZeppelin library. The root cause is that the necessary OpenZeppelin contracts are missing from the project directory. Without these dependencies, the compiler cannot successfully compile the contracts.

Recommendations

To resolve this issue, the project should include the necessary OpenZeppelin and Forge-std libraries. This can be done by installing them using the following commands:

forge install OpenZeppelin/openzeppelin-contracts --no-commit

Additionally, we have to install the Forge-std Library to ensure all dependencies are correctly resolved:

forge install foundry-rs/forge-std --no-commit

Once again we try to compile:

forge compile
[⠊] Compiling...
No files changed, compilation skipped

These steps will ensure that the required contracts from the OpenZeppelin library are available in the project, allowing for successful compilation.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid according to docs

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.