Platform: Code4rena
Start Date: 17/03/2023
Pot Size: $36,500 USDC
Total HM: 10
Participants: 98
Period: 3 days
Judge: leastwood
Total Solo HM: 5
Id: 223
League: ETH
Rank: 98/98
Findings: 1
Award: $9.94
🌟 Selected for report: 0
🚀 Solo Findings: 0
9.9353 USDC - $9.94
https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-bio-protocol/src/Bio.sol#L103-L116 https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-namespace-protocol/src/Tray.sol#L132-L145 https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-namespace-protocol/src/Namespace.sol#L90-L105
Bio generate a base64 encoded svg based on untrusted unescaped input bioText, which is set by bio[tokenId]. This will allow XSS in any page that display these svgs.
Similar issue also in https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-namespace-protocol/src/Tray.sol#L132-L145 https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-namespace-protocol/src/Namespace.sol#L90-L105
https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-bio-protocol/src/Bio.sol#L103-L115 https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-namespace-protocol/src/Tray.sol#L132-L145 https://github.com/code-423n4/2023-03-canto-identity/blob/077372297fc419ea7688ab62cc3fd4e8f4e24e66/canto-namespace-protocol/src/Namespace.sol#L90-L105 Attacker can create a malicious NFT that have XSS code in the asset symbol.
Sanitize strings.
#0 - c4-judge
2023-03-28T00:44:39Z
0xleastwood marked the issue as duplicate of #212
#1 - c4-judge
2023-04-11T19:30:26Z
0xleastwood marked the issue as satisfactory
#2 - c4-judge
2023-04-11T19:30:35Z
0xleastwood marked the issue as partial-50