Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Private Key Exposure

Bauer

Summary

Private Key Exposure in Makefile for Account 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266

Vulnerability Details

Private keys are highly sensitive pieces of information that grant access to an associated account's assets and functionalities. Exposing private keys, especially in a public or shared space, poses serious security risks.
The private key for the account 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266 has been leaked in a Makefile. Furthermore, there are still some tokens present in this account.

-include .env

.PHONY: all test clean deploy fund help install snapshot format anvil

DEFAULT_ANVIL_KEY := 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80

Impact

The exposure of a private key leads to the loss of funds.

Tools Used

Vscode

Recommendations

It's essential to avoid hardcoding or placing private keys directly in source files

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!