Incorrect Serialization Logic in Test Case Leads to Incorrect ByteArray Testing (`byte_array_extra.cairo::tests::from_span_felt252_bytearray_shortstring`)
Summary
Vulnerability Detail
The from_span_felt252_bytearray_shortstring test case in the starknet/src/byte_array_extra.cairo contract is responsible for testing the serialization of a ByteArray object. This test case is crucial for ensuring that the serialization logic works correctly. However, the test case uses the serialize method incorrectly. Specifically, the test case does not ensure that the ByteArray object is correctly converted from a string and then serialized properly. This can lead to incorrect serialization of the ByteArray object, resulting in incorrect test results and not properly testing the serialization logic.
Impact
The incorrect use of the serialize method in the test case can lead to incorrect test results, giving a false sense of security about the correctness of the serialization logic.
Proof of Concept
The
from_span_felt252_bytearray_shortstringtest case uses theserializemethod incorrectly to serialize aByteArrayobject.The test case attempts to convert the serialized data back to a
ByteArray.The serialization logic is not properly tested because the
serializemethod is used incorrectly.The test case may pass or fail incorrectly, leading to undetected bugs in the serialization logic.
Tools Used
Manual review
Recommendation
The test case should be updated to use the serialize method correctly and ensure that the ByteArray object is serialized properly. The following code provides a corrected implementation:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.