setPassword(string memory newPassword) function does not have any modifier, so the 2nd function would not matter.
The vulnerability lies within the first function which is setPassword() as it does not have any modifier, and has external function calls, which could be called by anybody.
This made the 2nd function which is getPassword() would not be matter in this contracts, because it could be constantly changed by whoever calls the setPassword() as it is could called by anyone.
The stored password would not be mattered at all because it could be changed every now and then, by anyone
Manual Review
Have modifier set for setPassword() function, either adding onlyOwner() modifier or s_owner = msg.sender to be added
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.