Avoid format! macro usage
Description
- Vulnerability Category: Validations and error handling
- Vulnerability Severity: Enhancement
- Detectors: avoid-format!-string
- Test Cases: avoid-format!-string-1
The format! macro is not recommended. A custom error is recommended instead.
Exploit Scenario
Consider the following ink! contract:

```rust
#[ink(message)]
pub fn crash(&self) -> Result<(), Error> {
    // Builds the error message with format! instead of returning a custom error variant
    Err(Error::FormatError {
        msg: (format!("{:?}", "false")),
    })
}
```
The problem arises from the use of the format! macro. This is used to format a string with the given arguments. Returning a custom error is desirable.

The vulnerable code example can be found here.
Remediation
Create a custom error variant instead of building a message with the format! macro.
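The following is an added example, not code from the detector's test case or from the ink! project: the page's error variant that carries a formatted String is shown beside a remediated error enum whose variants carry only plain data. It goes slightly beyond the page by also showing how structured context (integers) replaces a rendered message. The #[ink(...)] attributes are omitted so it compiles as plain Rust; the names ErrorBefore, crash_before, crash_after, check_amount and describe are illustrative assumptions.

```rust
// Before: the variant needs a heap-allocated String produced by format!,
// which pulls string-formatting code into the contract for no on-chain benefit.
#[derive(Debug, PartialEq, Eq)]
pub enum ErrorBefore {
    FormatError { msg: String },
}

// Before: mirrors the page's `crash` function (without &self / #[ink(message)]).
pub fn crash_before() -> Result<(), ErrorBefore> {
    Err(ErrorBefore::FormatError {
        msg: format!("{:?}", "false"),
    })
}

// After: each failure is its own variant; any context is carried as plain
// fields, so no string formatting happens inside the contract.
#[derive(Debug, PartialEq, Eq)]
pub enum Error {
    /// The call is always rejected (the remediated form of the page's example).
    Crash,
    /// The amount exceeded the permitted maximum; both values are kept as
    /// integers instead of being rendered into a message.
    AmountTooLarge { amount: u128, max: u128 },
}

// After: returns a custom error variant instead of a formatted message.
pub fn crash_after() -> Result<(), Error> {
    Err(Error::Crash)
}

// After: a validation that reports structured context without format!.
pub fn check_amount(amount: u128, max: u128) -> Result<u128, Error> {
    if amount > max {
        Err(Error::AmountTooLarge { amount, max })
    } else {
        Ok(amount)
    }
}

// Off-chain code (tests, front ends, indexers) can still render a message;
// the formatting cost is paid there rather than in the deployed contract.
pub fn describe(err: &Error) -> String {
    match err {
        Error::Crash => "call rejected".to_string(),
        Error::AmountTooLarge { amount, max } => {
            format!("amount {amount} exceeds max {max}")
        }
    }
}
```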