-
-
Save romeroadrian/5ca5fdfb2a1239cde80ea1c5a7f5eec9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0-only | |
| pragma solidity >=0.8.0; | |
| import "forge-std/Test.sol"; | |
| import "../src/Bio.sol"; | |
| contract AuditTest is Test { | |
| Bio public bio; | |
| function setUp() public { | |
| bio = new Bio(); | |
| } | |
| function test_Bio_tokenURI_Injection() public { | |
| string memory text = "description\",\"attribute\":\"injected arbitrary data"; | |
| bio.mint(text); | |
| console.log(bio.tokenURI(1)); | |
| } | |
| function test_Bio_tokenURI_LineBufferOverflow() public { | |
| // This is a skin tone codepoint ("f09f8fbe") repeated 21 times | |
| string memory text = unicode"๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ๐พ"; | |
| bio.mint(string(text)); | |
| vm.expectRevert(); | |
| bio.tokenURI(1); | |
| } | |
| function test_Bio_tokenURI_BadLineBreak1() public { | |
| // The following text will be badly splitted | |
| string memory text = unicode"๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ๐๏ธโ๐จ๏ธ"; | |
| bio.mint(string(text)); | |
| console.log(bio.tokenURI(1)); | |
| } | |
| function test_Bio_tokenURI_BadLineBreak2() public { | |
| // The following text will be badly splitted | |
| string memory text = unicode"๐ด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ๐ด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ๐ด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ๐ด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ๐ด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ๐ด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ๐ด๓ ง๓ ข๓ ฅ๓ ฎ๓ ง๓ ฟ"; | |
| bio.mint(string(text)); | |
| console.log(bio.tokenURI(1)); | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment