The current implementation stores passwords in plain text, posing a significant security risk.
The s_password variable is stored in plain text, leaving it susceptible to potential data leaks and unauthorized access.
This vulnerability exposes all stored passwords to potential compromise if there is any unauthorized access or data leak.
The identification of this vulnerability was based on manual analysis.
Storing passwords in plain text on a public blockchain is highly discouraged due to security concerns. To enhance security, consider implementing industry-standard practices such as password hashing, salting, and encryption techniques like AES-256. These measures will significantly improve the protection of sensitive password data and help prevent unauthorized access and data leaks.
Private functions and state variables are visible only in the contract they are defined in, not in derived contracts. In this case, private doesn't mean secret or confidential.
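To show why private does not mean confidential, the following added example (not code from the audited contract) decodes the raw 32-byte storage word that any node returns for a short Solidity string state variable, following Solidity's documented storage layout. The function names and the sample word are constructed for illustration, and the storage slot of s_password is not assumed.

```python
# Added example: decode a raw storage word of a Solidity `string` variable.
# Layout (Solidity docs): strings of at most 31 bytes are stored in place,
# left-aligned, with the lowest-order byte holding length * 2. Longer strings
# keep length * 2 + 1 in the slot and their data at keccak256(slot).


def encode_short_string(text: str) -> str:
    """Build the storage word Solidity would hold for a short string."""
    data = text.encode("utf-8")
    if len(data) > 31:
        raise ValueError("only strings of at most 31 bytes are stored in place")
    word = data + b"\x00" * (31 - len(data)) + bytes([len(data) * 2])
    return "0x" + word.hex()


def decode_short_string_slot(word_hex: str):
    """Return the string held in a storage word, or None for a long string."""
    if word_hex.startswith("0x"):
        word_hex = word_hex[2:]
    raw = bytes.fromhex(word_hex)
    if len(raw) != 32:
        raise ValueError("a storage word is exactly 32 bytes")
    marker = raw[31]
    if marker & 1:
        # Odd lowest bit: long string, the data is not in this slot.
        return None
    length = marker // 2
    if length > 31 or any(raw[length:31]):
        raise ValueError("word is not a valid short-string encoding")
    return raw[:length].decode("utf-8")


# Constructed sample value, not taken from any real contract.
SAMPLE_WORD = encode_short_string("myPassword")

if __name__ == "__main__":
    print("storage word:", SAMPLE_WORD)
    print("recovered   :", decode_short_string_slot(SAMPLE_WORD))
```

The private keyword plays no part in the decoding: visibility restricts which contracts can reference the variable, not who can read the chain state.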