Canto Identity Subprotocols contest - Englave's results

Subprotocols for Canto Identity Protocol.

General Information

Platform: Code4rena

Start Date: 17/03/2023

Pot Size: $36,500 USDC

Total HM: 10

Participants: 98

Period: 3 days

Judge: leastwood

Total Solo HM: 5

Id: 223

League: ETH


Researcher Performance

Rank: 75/98

Findings: 1

Award: $19.87

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

19.8705 USDC - $19.87

Labels

bug
2 (Med Risk)
satisfactory
duplicate-212

External Links

Lines of code

https://github.com/code-423n4/2023-03-canto-identity/blob/main/canto-bio-protocol/src/Bio.sol#L98

Vulnerability details

Impact

The current implementation of the tokenURI function generates an SVG with a viewBox height of 100, which might only be enough to display up to 2 lines of text. However, the bio text can be up to 5 lines in length. This may result in the text being cut off or displayed incorrectly. Additionally, the logic for generating the SVG and splitting lines is quite heavy for on-chain execution, and it might be more efficient to move this functionality off-chain, only storing the bio data on the blockchain.

Furthermore, the current implementation does not sanitize the user-provided bio text, which could allow an attacker to inject malicious code, such as hyperlinks or extra line breaks, inside the <tspan> element. This could lead to unintended behavior or security vulnerabilities.

Proof of Concept

Add <br> tags to the bio text to break the layout. Add hyperlinks or other attributes to customize the text.

Tools Used

Visual inspection

To address these issues:

  1. Adjust the SVG viewBox dimensions to ensure that the content fits correctly, considering the possibility of displaying up to 5 lines of text.

  2. Consider moving the SVG generation and line-splitting logic off-chain, storing only the bio data on the blockchain, to reduce the computational load and gas costs associated with on-chain execution.

  3. Sanitize the user-provided bio text to prevent the injection of malicious code, such as hyperlinks or extra line breaks. Implement input validation and escape any potentially dangerous characters before incorporating the bio text into the SVG.
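The three recommendations combined in one off-chain renderer, as an added example that is not part of the original finding or the project's code. The 40-character wrap width, the spacing constants, and the helper names escapeXml, splitLines and renderBioSvg are assumptions made for illustration.

```javascript
// Added example: off-chain SVG rendering for a bio string (not the project's code).
const MAX_LINES = 5;        // the finding states a bio can span up to 5 lines
const CHARS_PER_LINE = 40;  // assumed wrap width
const LINE_HEIGHT = 20;     // assumed vertical spacing per line
const PADDING = 20;         // assumed top and bottom padding

const XML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };

// Replace control characters with spaces, then escape the five XML-significant
// characters in a single pass so user text cannot open a tag or attribute
// inside <tspan> and "&" is never double-escaped.
function escapeXml(text) {
  return text
    .replace(/[\u0000-\u001f\u007f]/g, " ")
    .replace(/[&<>"']/g, (c) => XML_ESCAPES[c]);
}

// Split on code points (not UTF-16 units) so a surrogate pair is never cut in half.
// Text beyond MAX_LINES * CHARS_PER_LINE is dropped.
function splitLines(text) {
  const points = Array.from(text);
  const lines = [];
  for (let i = 0; i < points.length && lines.length < MAX_LINES; i += CHARS_PER_LINE) {
    lines.push(points.slice(i, i + CHARS_PER_LINE).join(""));
  }
  return lines;
}

// Split first, escape each line afterwards, so an entity such as &lt; is never
// broken across two <tspan> elements.
function renderBioSvg(bio) {
  const lines = splitLines(bio);
  // Size the viewBox from the actual line count instead of a fixed height of 100.
  const height = PADDING * 2 + LINE_HEIGHT * Math.max(lines.length, 1);
  const spans = lines
    .map((l, i) => `<tspan x="50%" dy="${i === 0 ? 0 : LINE_HEIGHT}">${escapeXml(l)}</tspan>`)
    .join("");
  const svg =
    `<svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMinYMin meet" viewBox="0 0 400 ${height}">` +
    `<text y="${PADDING + LINE_HEIGHT / 2}" text-anchor="middle" dominant-baseline="middle">${spans}</text></svg>`;
  return { height, lineCount: lines.length, svg };
}
```

With these constants a five-line bio yields a viewBox height of 140, and markup in the bio text is rendered as literal characters rather than as SVG elements.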

#0 - c4-judge

2023-03-29T05:11:08Z

0xleastwood marked the issue as duplicate of #212

#1 - c4-judge

2023-04-11T19:38:54Z

0xleastwood marked the issue as satisfactory
