Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Lack of Input Validation for customReferralCode Parameter in CustomReferralConfiguration.sol

heim

Summary

The load function does not validate the customReferralCode parameter, leading to potential issues if an empty string or malicious input is provided.

Vulnerability Details

Code Reference:

function load(string memory customReferralCode)
internal
pure
returns (Data storage customReferralConfigurationTestnet)
{
bytes32 slot = keccak256(abi.encode(CUSTOM_REFERRAL_CONFIGURATION_DOMAIN, customReferralCode));
assembly {
customReferralConfigurationTestnet.slot := slot
}
}

Proof of concept

  • Copy this fuzz test to test folder

// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.25;
import "forge-std/Test.sol";
import "../../src/perpetuals/leaves/CustomReferralConfiguration.sol";
contract FuzzCustomReferralConfigurationTest is Test {
using CustomReferralConfiguration for *;
struct Data {
address referrer;
}
function testEmptyStringInput(string memory referralCode) public {
// New: Ensure the test fails on an empty referral code
if (bytes(referralCode).length == 0) {
vm.expectRevert(bytes("Custom referral code cannot be empty"));
CustomReferralConfiguration.load(referralCode);
} else {
CustomReferralConfiguration.Data storage refData = CustomReferralConfiguration.load(referralCode);
refData.referrer = address(0x1111111111111111111111111111111111111111);
assertEq(
refData.referrer,
address(0x1111111111111111111111111111111111111111),
"Valid referral code should not revert"
);
}
}

  • Run forge test --match-contract CustomReferralConfigurationTest -vvv

  • Output: [FAIL. Reason: call did not revert as expected; counterexample: calldata=0xd2b3fb1e00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000 args=[""]] testEmptyStringInput(string) (runs: 0, μ: 0, ~: 0)

The error message indicates that the test expected a revert when an empty string is passed, but it did not revert. This suggests that the function being tested does not handle empty strings correctly.

Impact

Severity: Low

However, the lack of input validation can still lead to several issues:

  • Unintended Behavior: Using empty or invalid strings may lead to unintended storage slot calculations.

  • Storage Inconsistency: Potential for generating the same storage slot for different inputs under certain conditions, leading to data inconsistency.

  • Security Vulnerabilities: Though less likely, if combined with other vulnerabilities, this could become a significant security risk.

Tools Used

Manual Review

Recommendations

  • Implement Input Validation:
    Ensure that customReferralCode is neither empty nor formatted in a potentially harmful manner.

function load(string memory customReferralCode)
internal
pure
returns (Data storage customReferralConfigurationTestnet)
{
+ require(bytes(customReferralCode).length > 0, "Custom referral code cannot be empty");
bytes32 slot = keccak256(abi.encode(CUSTOM_REFERRAL_CONFIGURATION_DOMAIN, customReferralCode));
assembly {
customReferralConfigurationTestnet.slot := slot
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!