MartenitsaToken::createMartenitsa
design @param is not properly checked, producer can create a martenitsa token with an empty string as design or with design without any meaningLow Risk
https://github.com/activiteOCR/CodeHawks---Findings/blob/main/First-Flight-%2313-Baba-Marta.md#-martenitsatokencreatemartenitsa-design-param-is-not-properly-checked-producer-can-create-a-martenitsa-token-with-an-empty-string-as-design-or-with-design-without-any-meaning-l-01
In MartenitsaToken::createMartenitsa
design @param is not properly checked, so a producer can create a martenitsa token with a whitespace as design (It holds a specific ASCII value which is 32) or with a design without any meaning.
The require control structure (L37 of MartenitsaToken.sol) does not correctly control the "Design" input parameter.
function testCreateMartenitsaCalledWithDesignEqualZero() public {
vm.prank(jack);
vm.expectRevert();
martenitsaToken.createMartenitsa(" ");
}
require(bytes(design).length > 0, "Design cannot be empty");
Martenitsa token can be created with an empty string as design or with a design without any meaning.
Manuel review
Create a custom error based on your check DesignToBytes == 0 and DesignToBytes is checks against the hexadecimal values of common whitespace characters:
So whitespace and horizontal tab won't be accepted as design character but you can add more design rules in the if statement if you decide to authorize only some specific design.
// Custom errors
error MartenitsaToken__DesignLengthIsEmpty();
error MartenistsaToken__IsAWhitespace();
/**
* @notice Function to create a new martenitsa. Only producers can call the function.
* @param design The type (bracelet, necklace, Pizho and Penda and other) of martenitsa.
*/
function createMartenitsa(string memory design) external {
require(isProducer[msg.sender], "You are not a producer!");
bytes memory designToBytes = bytes(design);
if (designToBytes.length == 0) {
revert MartenitsaToken__DesignLengthIsEmpty(); // Consider an empty string as not only whitespace
}
for (uint256 i = 0; i < designToBytes.length; i++) {
if (designToBytes[i] == 0x20 || designToBytes[i] == 0x5f) {
revert MartenistsaToken__IsAWhitespace();
}
}
uint256 tokenId = _nextTokenId++;
tokenDesigns[tokenId] = design;
countMartenitsaTokensOwner[msg.sender] += 1;
emit Created(msg.sender, tokenId, design);
_safeMint(msg.sender, tokenId);
}