Anyone can get the password of any contract by reading the storage slot where the password is stored.
Storing a password or other private data on the blockchain is the wrong thing to do, since all of a smart contract's storage can be read. You only need to know where the data is located.
In our case the data is a string, which is a bytes array.
The storage location of a dynamic array is hash(slot) (in our case keccak256(1)),
and its encoding is 32 bytes of length followed by the actual data (the array).
So to get the password we calculate the slot, then get the length of the password, which is the first word stored in this slot. Then we query data from storage, from slot + 1 to slot + 1 + length.
This will return the password.
Using cast from Foundry, we can get the slot value at any location with the command:
Anyone can read the password of a user.
Manual review
Memorize your password. Don't store it on the blockchain.
Private functions and state variables are only visible to the contract they are defined in and not to derived contracts. In this case, private doesn't mean secret/confidential.
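The storage read behind this finding, as an added example (not code from the original submission) that an auditor can use to show a `private` string is recoverable from raw slots. It follows Solidity's documented storage layout for `string`, which covers both the in-place short form and the keccak256(slot) long form; the `storage` dict, the sample passwords and the single-block `keccak256` helper are constructed for illustration and assume the password lives in slot 1.

```python
def rol(v, n):
    return ((v << n) | (v >> (64 - n))) & (2**64 - 1)

def keccak_f(a):
    """Keccak-f[1600] permutation; lane (x, y) is stored at a[x + 5*y]."""
    r = 1
    for _ in range(24):
        c = [a[x] ^ a[x+5] ^ a[x+10] ^ a[x+15] ^ a[x+20] for x in range(5)]
        d = [c[(x+4) % 5] ^ rol(c[(x+1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]              # theta
        x, y, cur = 1, 0, a[1]
        for t in range(24):                                   # rho and pi
            x, y = y, (2*x + 3*y) % 5
            cur, a[x + 5*y] = a[x + 5*y], rol(cur, (t+1)*(t+2)//2 % 64)
        for y in range(0, 25, 5):                             # chi, one row at a time
            a[y:y+5] = [a[y+x] ^ (~a[y+(x+1) % 5] & a[y+(x+2) % 5]) for x in range(5)]
        for j in range(7):                                    # iota (LFSR round constant)
            r = ((r << 1) ^ ((r >> 7) * 0x71)) % 256
            if r & 2:
                a[0] ^= 1 << ((1 << j) - 1)
    return a

def keccak256(data):
    """Ethereum's Keccak-256 (not NIST SHA3-256), single block: len(data) < 136."""
    if len(data) >= 136:
        raise ValueError("single-block helper only")
    block = bytearray(data.ljust(200, b"\0"))
    block[len(data)] ^= 0x01          # Keccak padding start
    block[135] ^= 0x80                # padding end at the last rate byte
    lanes = keccak_f([int.from_bytes(block[i:i+8], "little") for i in range(0, 200, 8)])
    return b"".join(v.to_bytes(8, "little") for v in lanes)[:32]

def read_string(storage, slot):
    """Decode a Solidity string at `slot`; `storage` maps slot -> 32-byte word."""
    word = storage.get(slot, bytes(32))
    if word[31] & 1 == 0:             # short (<= 31 bytes): data in place, last byte = 2*len
        return word[:word[31] // 2]
    length = (int.from_bytes(word, "big") - 1) // 2   # long: slot holds 2*len + 1
    base = int.from_bytes(keccak256(slot.to_bytes(32, "big")), "big")
    data = b"".join(storage.get(base + i, bytes(32)) for i in range((length + 31) // 32))
    return data[:length]

# Constructed sample storage for a contract whose password sits in slot 1.
LONG_PW = b"a-constructed-passphrase-longer-than-31-bytes"
BASE = int.from_bytes(keccak256((1).to_bytes(32, "big")), "big")
SHORT = {1: b"hunter2".ljust(31, b"\0") + bytes([2 * 7])}
LONG = {1: (2 * len(LONG_PW) + 1).to_bytes(32, "big"),
        BASE: LONG_PW[:32], BASE + 1: LONG_PW[32:].ljust(32, b"\0")}
```

Against a real node, the dict lookups would be replaced by `eth_getStorageAt` calls (or `cast storage`) for the same slot numbers.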