Canto Identity Subprotocols contest - Respx's results

Subprotocols for Canto Identity Protocol.

General Information

Platform: Code4rena

Start Date: 17/03/2023

Pot Size: $36,500 USDC

Total HM: 10

Participants: 98

Period: 3 days

Judge: leastwood

Total Solo HM: 5

Id: 223

League: ETH

Researcher Performance

Rank: 74/98

Findings: 1

Award: $19.87

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

19.8705 USDC - $19.87

Labels

bug
2 (Med Risk)
satisfactory
duplicate-212

External Links

Lines of code

https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-pfp-protocol/src/ProfilePicture.sol#L73

Vulnerability details

Impact

Whilst it is quite understandable that Canto may wish to give its users a censorship-free ability to set profile pictures, it is worth considering the worst-case scenarios.

Some of the most damaging types of content might be:

  • Malicious URLs leading to malware etc.
  • Illegal pornographic images.
  • Images of extreme violence.
  • "Dark web" content such as instructions on how to make or use weapons.
  • Incitements to serious crimes.

ProfilePicture.sol is created by Canto and will presumably be deployed by Canto. It could potentially damage the reputation of Canto or the future of the blockchain if such content remains locked in place on the Canto blockchain in a Canto-deployed contract.

Proof of Concept

It is clear from the code that ownership is the only limitation on the information returned by ProfilePicture.tokenURI(). This function simply returns whatever the image NFT returns when its own tokenURI() function is called.

Tools Used

Manual inspection

Recommended Mitigation Steps

Consider adding a basic ownership model to ProfilePicture that would allow for the removal of the most extreme harmful content. Alternatively, if that approach is too restrictive, consider adding a blacklist functionality.
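The following is an added illustration of the delegation pattern described in the proof of concept together with the blacklist mitigation suggested above. It is not the project's ProfilePicture.sol and is not taken from the audit repository: `ProfilePictureWithBlocklist`, `IERC721Minimal`, the storage layout, `setBlocked` and `BLOCKED_URI` are all assumed names for a simplified stand-in. The only behaviour it reproduces from the finding is that `tokenURI()` forwards to the referenced image NFT's own `tokenURI()`; the addition is a single admin-controlled blocklist, keyed on the underlying NFT contract and id, that both refuses new mints of a blocked image and substitutes a neutral URI for existing entries that reference it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-721 view surface; only what this example needs (assumed, not the project's interface).
interface IERC721Minimal {
    function ownerOf(uint256 tokenId) external view returns (address);
    function tokenURI(uint256 tokenId) external view returns (string memory);
}

/// @dev Simplified stand-in for a profile-picture subprotocol, NOT ProfilePicture.sol itself.
///      It keeps the "return whatever the image NFT returns" delegation the finding describes
///      and adds an owner-managed blocklist so extreme content can be hidden after the fact.
contract ProfilePictureWithBlocklist {
    struct ProfilePictureData {
        address nftContract; // collection that holds the actual image NFT
        uint256 nftID;       // token id inside that collection
    }

    address public immutable owner;   // single admin allowed to block / unblock entries
    uint256 public numMinted;         // last pfp id handed out
    mapping(uint256 => ProfilePictureData) public pfp;
    mapping(uint256 => address) public pfpOwner;
    // blocked[nftContract][nftID] == true hides that image from every pfp that references it
    mapping(address => mapping(uint256 => bool)) public blocked;

    // Neutral replacement returned instead of the delegated URI for blocked entries
    string public constant BLOCKED_URI = "data:text/plain,blocked";

    event Blocked(address indexed nftContract, uint256 indexed nftID, bool isBlocked);

    error NotOwner();
    error NotNFTOwner();
    error ContentBlocked();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Reference an image NFT the caller owns. Refuses images already on the blocklist.
    function mint(address nftContract, uint256 nftID) external returns (uint256 pfpID) {
        if (IERC721Minimal(nftContract).ownerOf(nftID) != msg.sender) revert NotNFTOwner();
        if (blocked[nftContract][nftID]) revert ContentBlocked();
        pfpID = ++numMinted;
        pfp[pfpID] = ProfilePictureData(nftContract, nftID);
        pfpOwner[pfpID] = msg.sender;
    }

    /// Admin switch: block or unblock one underlying NFT. Emitting an event keeps the
    /// moderation action auditable on-chain.
    function setBlocked(address nftContract, uint256 nftID, bool isBlocked) external onlyOwner {
        blocked[nftContract][nftID] = isBlocked;
        emit Blocked(nftContract, nftID, isBlocked);
    }

    /// Delegates to the image NFT's tokenURI, as the finding describes for the audited
    /// contract, but substitutes a neutral URI whenever the referenced image is blocked.
    function tokenURI(uint256 pfpID) external view returns (string memory) {
        ProfilePictureData memory data = pfp[pfpID];
        if (blocked[data.nftContract][data.nftID]) return BLOCKED_URI;
        return IERC721Minimal(data.nftContract).tokenURI(data.nftID);
    }
}
```

Keying the blocklist on the underlying `(nftContract, nftID)` pair rather than on the pfp id means a blocked image stays hidden even if it is re-minted into a fresh pfp, and the check in `mint` closes that path explicitly. A single `owner` is the simplest form of the "basic ownership model" the finding suggests; a multisig or timelocked owner would limit how much trust that one key needs.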

#0 - c4-judge

2023-03-29T05:09:12Z

0xleastwood marked the issue as duplicate of #212

#1 - c4-judge

2023-04-11T19:36:36Z

0xleastwood marked the issue as satisfactory
