Access Control Lacking in setPassword Function
Summary
The setPassword function in the PasswordStore contract lacks proper access control modifiers or owner checks, making it vulnerable to unauthorized access.
Vulnerability Details
The vulnerability resides in the setPassword function of the PasswordStore contract, where the absence of access control modifiers or owner checks allows unrestricted access. This jeopardizes the contract's security, potentially leading to unauthorized alterations of sensitive data. Implementing access control or onlyOwner modifiers is essential to safeguard the contract.
Impact
Absence of an onlyOwner modifier or owner checks in the setPassword function of the PasswordStore contract poses a significant risk, enabling unauthorized access and potential data breaches, emphasizing the need for robust access control implementation.
Tools Used
The audit was conducted using manual code review and best practices in smart contract security.
Recommendations
Implement access control or owner checks in the setPassword function of the PasswordStore contract to enhance security and restrict access to authorized parties. This essential measure safeguards sensitive data, strengthening the contract's security and mitigating potential vulnerabilities.
Lead Judging Commences
finding-lacking-access-control
Anyone can call `setPassword` and set a new password contrary to the intended purpose.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.