Santa's List

AI First Flight #3

Beginner FriendlyFoundry

EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

foundry.toml Enables FFI Globally, Allowing All Tests to Execute System Commands

georgibuilds

Root + Impact

The Foundry configuration enables FFI (Foreign Function Interface) globally with ffi = true, removing the security safeguard that prevents tests from executing system commands. This enables Finding #5 and allows any test to compromise user systems.

Description

FFI is disabled by default as a security measure

Configuration explicitly enables FFI for all tests

Malicious tests can execute arbitrary commands without warnings

# foundry.toml

[profile.default]

src = "src"

out = "out"

libs = ["lib"]

ffi = true # ❌ Enables system command execution globally

evm_version = "paris"

function testPwned() public {

string[] memory cmds = new string[](2);

cmds[0] = "touch";

cmds[1] = string.concat("youve-been-pwned");

cheatCodes.ffi(cmds);

}

Risk

Likelihood:

Applied automatically when running any Foundry command

No user prompt or warning about FFI being active

Affects all test files in the project
Combined with Finding #5 for automatic exploitation

Impact:

Enables all FFI-based attacks (like Finding #5)

Removes default security protection

Silent enablement without user awareness
Supply chain attack vector for malicious developers
Persistent risk across all testing

Proof of Concept

This demonstrates that FFI is active by successfully executing a command that would normally be blocked.

function test_ffiIsEnabled() public {

string[] memory cmds = new string[](2);

cmds[0] = "echo";

cmds[1] = "FFI is enabled!";

// If ffi = false, this would error: "FFI is not enabled"

// Because ffi = true, it executes successfully

cheatCodes.ffi(cmds);

}

Recommended Mitigation

Disable FFI by default to restore the security safeguard, requiring explicit opt-in for legitimate use cases.

[profile.default]

src = "src"

out = "out"

libs = ["lib"]

- ffi = true

+ ffi = false

evm_version = "paris"

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 18 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!