First Flight #1: PasswordStore

First Flight #1

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Events not emitting caller information

aballok

Summary

Events need to emit detailed information like the caller of the function

Vulnerability Details

function setPassword(string memory newPassword) external {

s_password = newPassword;

emit SetNetPassword();

}

When password is set, event does not give information of the caller who is the msg.sender

Impact

This may have usability, monitoring, off-chain tooling problems, front end problems and even security. For example security tooling if caller is logged can react to password being changed when not expected to be changed or by address not expected etc

Tools Used

Manual Analysis

Recommendations

Event emit caller information

event SetNetPassword(address indexed caller);

....

emit SetNetPassword(msg.sender);

Updates

Lead Judging Commences

inallhonesty Lead Judge

about 2 years ago

inallhonesty Lead Judge about 2 years ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

aballok Submitter

about 2 years ago

inallhonesty Lead Judge

about 2 years ago

aballok Submitter

about 2 years ago

inallhonesty Lead Judge about 2 years ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.