Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Invalid

setPassword function does not have any modifier

Summary

setPassword(string memory newPassword) function does not have any modifier, so the 2nd function would not matter.

Vulnerability Details

The vulnerability lies within the first function which is setPassword() as it does not have any modifier, and has external function calls, which could be called by anybody.

This made the 2nd function which is getPassword() would not be matter in this contracts, because it could be constantly changed by whoever calls the setPassword() as it is could called by anyone.

Impact

The stored password would not be mattered at all because it could be changed every now and then, by anyone

Tools Used

Manual Review

Recommendations

Have modifier set for setPassword() function, either adding onlyOwner() modifier or s_owner = msg.sender to be added

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Vague generalities

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.