Summary:
Rewrite the whole damn contract 😐
Vulnerability Details:
From the lack of modifiers, to improper checks in the setPassword and getPassword functions, to excessive gas usage, to not using gas-saving tips, etc., this contract is a goldmine of bugs. Good news: the bug slayer is here.
Impact:
A whole lotta bugs. We need a whole lotta frogs 🐸 *croak
Tools Used:
Replit IDE, Foundry, Remix, PhindAI
Recommendations:
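I rewrote the PasswordStore contract, what are friends for 😎? One caveat: the rewrite only restricts who can call the functions. Contract storage, transaction calldata and event data are public on-chain, so the stored value is still not confidential and a real secret should not be kept here in plaintext.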
pragma solidity 0.8.18;
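/**
 * @author not-so-secure-dev
 * @title PasswordStore
 * @notice Stores a password string that only the deploying account can set or read
 * through this contract's functions. You can update your password at any time.
 * @dev NOTE(review): access control here is not confidentiality. `private` only stops
 * other contracts from reading the variable; contract storage and the calldata of every
 * setPassword transaction are public chain data. Do not store a real secret in plaintext
 * in this contract; keep secrets off-chain.
 */
contract PasswordStore {
    /// @notice Reverted with when a caller other than the owner uses an owner-only function.
    error PasswordStore__NotOwner();

    /// @dev Set once in the constructor to the deploying account.
    address private immutable s_owner;

    /// @dev `private` hides this from other contracts only, not from chain observers.
    string private s_password;

    /// @notice Emitted each time the owner replaces the password.
    /// @dev Carries no password on purpose: event logs are public and permanent, so
    /// putting the value in the event would publish it to every log consumer.
    event SetPassword(address indexed _by);

    /// @notice Records the deploying account as the owner.
    constructor() {
        s_owner = msg.sender;
    }

    /// @dev Reverts with PasswordStore__NotOwner unless the caller is the owner.
    modifier onlyOwner() {
        if (msg.sender != s_owner) {
            revert PasswordStore__NotOwner();
        }
        _;
    }

    /**
     * @notice This function allows only the owner to set a new password.
     * @dev `calldata` avoids copying the argument into memory; the ABI is unchanged.
     * The argument is still visible in the transaction's calldata.
     * @param newPassword The new password to set.
     */
    function setPassword(string calldata newPassword) external onlyOwner {
        s_password = newPassword;
        emit SetPassword(msg.sender);
    }

    /**
     * @notice This allows only the owner to retrieve the password through this function.
     * @dev NOTE(review): the onlyOwner guard here is an interface restriction, not a
     * secrecy guarantee; the same value is readable from the contract's storage.
     * @return The current password.
     */
    function getPassword() external view onlyOwner returns (string memory) {
        return s_password;
    }
}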