Submission Details
Severity:
setPassword() does not check msg.sender allowing unauthorized account to overwrite password
Summary
Function setPassword() does not implement checks to ensure only s_owner can set the password.
Vulnerability Details
The setPassword() function stores the newPassword in s_password without verifying that the msg.sender is s_owner.
The following test case can be used to check for this issue:
// Tests that non-owner setting the password causes a revert
function test_non_owner_set_password_reverts() public {
// Set msg.sender to a different address
vm.startPrank(address(1));
// Expect the following operations to revert
vm.expectRevert(PasswordStore.PasswordStore__NotOwner.selector);
// The new password to set the value to
string memory otherPassword = "randomPassword";
// Attempt to set the password to the new value
passwordStore.setPassword(otherPassword);
}
Impact
Unauthorized addresses can set and overwrite the stored password.
Tools Used
foundry
Recommendations
Update setPassword() to implement an owner check:
function setPassword(string memory newPassword) external {
+ if (msg.sender != s_owner) {
+ revert PasswordStore__NotOwner();
+ }
s_password = newPassword;
emit SetNetPassword();
}
Updates
Lead Judging Commences
inallhonesty
about 2 years ago
inallhonesty about 2 years ago
Submission Judgement Published Assigned finding tags:
finding-lacking-access-control
Anyone can call `setPassword` and set a new password contrary to the intended purpose.
Rewards breakdown
nSLOC
20This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.