low

`MartenitsaToken::createMartenitsa` design @param is not properly checked, pr...

Contest
sponsor logo

First Flight #13: Baba Marta
Selected Submission

MartenitsaToken::createMartenitsa design @param is not properly checked, producer can create a martenitsa token with an empty string as design or with design without any meaning

Severity

Low Risk

Relevant GitHub Links

https://github.com/activiteOCR/CodeHawks---Findings/blob/main/First-Flight-%2313-Baba-Marta.md#-martenitsatokencreatemartenitsa-design-param-is-not-properly-checked-producer-can-create-a-martenitsa-token-with-an-empty-string-as-design-or-with-design-without-any-meaning-l-01

Summary

In MartenitsaToken::createMartenitsa design @param is not properly checked, so a producer can create a martenitsa token with a whitespace as design (It holds a specific ASCII value which is 32) or with a design without any meaning.

Vulnerability Details

The require control structure (L37 of MartenitsaToken.sol) does not correctly control the "Design" input parameter.

function testCreateMartenitsaCalledWithDesignEqualZero() public {
        vm.prank(jack);
        vm.expectRevert();
        martenitsaToken.createMartenitsa(" ");
    }

require(bytes(design).length > 0, "Design cannot be empty");

Impact

Martenitsa token can be created with an empty string as design or with a design without any meaning.

Tools Used

Manuel review

Recommendations

Create a custom error based on your check DesignToBytes == 0 and DesignToBytes is checks against the hexadecimal values of common whitespace characters:

  1. 0x20 - Space
  2. 0x5f - Horizontal Tab

So whitespace and horizontal tab won't be accepted as design character but you can add more design rules in the if statement if you decide to authorize only some specific design.

    // Custom errors
    error MartenitsaToken__DesignLengthIsEmpty();
    error MartenistsaToken__IsAWhitespace();

    /**
     * @notice Function to create a new martenitsa. Only producers can call the function.
     * @param design The type (bracelet, necklace, Pizho and Penda and other) of martenitsa.
     */
    function createMartenitsa(string memory design) external {
        require(isProducer[msg.sender], "You are not a producer!");
        bytes memory designToBytes = bytes(design);
        if (designToBytes.length == 0) {
            revert MartenitsaToken__DesignLengthIsEmpty(); // Consider an empty string as not only whitespace
        }
        for (uint256 i = 0; i < designToBytes.length; i++) {
            if (designToBytes[i] == 0x20 || designToBytes[i] == 0x5f) {
                revert MartenistsaToken__IsAWhitespace();
            }
        }
        uint256 tokenId = _nextTokenId++;
        tokenDesigns[tokenId] = design;
        countMartenitsaTokensOwner[msg.sender] += 1;

        emit Created(msg.sender, tokenId, design);

        _safeMint(msg.sender, tokenId);
    }