The validateMediaType function in the ArtPieceMetadata contract performs some input validation for the mediaType field in the metadata parameter. However, it lacks validation for the associated data fields based on the mediaType. This could lead to issues where the metadata object is considered valid even when required data fields for certain media types are missing or empty.
Consider a scenario where an attacker creates an ArtPieceMetadata` object with an invalid mediaType and missing data for that media type:
ArtPieceMetadata memory maliciousMetadata = ArtPieceMetadata(
MediaType(6), // Invalid media type
"", // Empty image URL
"Title"
);
validateMediaType(maliciousMetadata);
In this PoC, the attacker sets an invalid mediaType (6) and provides an empty image URL. The validateMediaType function would not detect this as an issue, even though it should be considered invalid.
Recommended Mitigation Steps:
To improve the input validation for the metadata object, you should consider adding validation checks for the associated data fields based on the mediaType. Here's a recommended solution:
function validateMediaType(ArtPieceMetadata calldata metadata) internal pure {
require(uint8(metadata.mediaType) > 0 && uint8(metadata.mediaType) <= 5, "Invalid media type");
if (metadata.mediaType == MediaType.IMAGE)
require(bytes(metadata.image).length > 0, "Image URL must be provided");
else if (metadata.mediaType == MediaType.ANIMATION)
require(bytes(metadata.animationUrl).length > 0, "Animation URL must be provided");
else if (metadata.mediaType == MediaType.TEXT)
require(bytes(metadata.text).length > 0, "Text must be provided");
else
revert("Invalid media type"); // Add this to handle unknown media types
}
In this solution:
We've added an additional else branch to handle unknown mediaType values and revert the transaction to prevent processing invalid data.
This change ensures that the metadata object is properly validated based on the mediaType, preventing invalid or incomplete data from being considered as valid.
By implementing this solution, you can enhance the security and reliability of your input validation in the validateMediaType function.
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L159
Vulnerability details
The
validateMediaType
function in theArtPieceMetadata
contract performs some input validation for themediaType
field in themetadata
parameter. However, it lacks validation for the associated data fields based on themediaType
. This could lead to issues where themetadata
object is considered valid even when required data fields for certain media types are missing or empty.Consider a scenario where an attacker creates an ArtPieceMetadata` object with an invalid mediaType and missing data for that media type:
ArtPieceMetadata memory maliciousMetadata = ArtPieceMetadata( MediaType(6), // Invalid media type "", // Empty image URL "Title" );
validateMediaType(maliciousMetadata);
In this PoC, the attacker sets an invalid
mediaType
(6) and provides an empty image URL. ThevalidateMediaType
function would not detect this as an issue, even though it should be considered invalid.Recommended Mitigation Steps: To improve the input validation for the
metadata
object, you should consider adding validation checks for the associated data fields based on themediaType
. Here's a recommended solution:function validateMediaType(ArtPieceMetadata calldata metadata) internal pure { require(uint8(metadata.mediaType) > 0 && uint8(metadata.mediaType) <= 5, "Invalid media type");
}
In this solution:
else
branch to handle unknownmediaType
values and revert the transaction to prevent processing invalid data.metadata
object is properly validated based on themediaType
, preventing invalid or incomplete data from being considered as valid.By implementing this solution, you can enhance the security and reliability of your input validation in the
validateMediaType
function.Assessed type
Invalid Validation