Missing Input Validation for Media Type

[c4-bot-6]

Lines of code

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L159

Vulnerability details

The validateMediaType function in the ArtPieceMetadata contract performs some input validation for the mediaType field in the metadata parameter. However, it lacks validation for the associated data fields based on the mediaType. This could lead to issues where the metadata object is considered valid even when required data fields for certain media types are missing or empty.

Consider a scenario where an attacker creates an ArtPieceMetadata` object with an invalid mediaType and missing data for that media type:

ArtPieceMetadata memory maliciousMetadata = ArtPieceMetadata( MediaType(6), // Invalid media type "", // Empty image URL "Title" );

validateMediaType(maliciousMetadata);

In this PoC, the attacker sets an invalid mediaType (6) and provides an empty image URL. The validateMediaType function would not detect this as an issue, even though it should be considered invalid.

Recommended Mitigation Steps: To improve the input validation for the metadata object, you should consider adding validation checks for the associated data fields based on the mediaType. Here's a recommended solution:

function validateMediaType(ArtPieceMetadata calldata metadata) internal pure { require(uint8(metadata.mediaType) > 0 && uint8(metadata.mediaType) <= 5, "Invalid media type");

if (metadata.mediaType == MediaType.IMAGE)
    require(bytes(metadata.image).length > 0, "Image URL must be provided");
else if (metadata.mediaType == MediaType.ANIMATION)
    require(bytes(metadata.animationUrl).length > 0, "Animation URL must be provided");
else if (metadata.mediaType == MediaType.TEXT)
    require(bytes(metadata.text).length > 0, "Text must be provided");
else
    revert("Invalid media type"); // Add this to handle unknown media types

}

In this solution:

• We've added an additional else branch to handle unknown mediaType values and revert the transaction to prevent processing invalid data.
• This change ensures that the metadata object is properly validated based on the mediaType, preventing invalid or incomplete data from being considered as valid.

By implementing this solution, you can enhance the security and reliability of your input validation in the validateMediaType function.

Assessed type

Invalid Validation

[raymondfam]

Missing attacking vector.

[c4-pre-sort]

raymondfam marked the issue as insufficient quality report

[c4-pre-sort]

raymondfam marked the issue as duplicate of #688

[c4-judge]

MarioPoneder marked the issue as unsatisfactory: Insufficient proof