First Flight #1: PasswordStore
First Flight #1
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Password can be accessed by anyone

0xbjorn

Summary

The secure password can be read by anyone.is stored unencrypted as a private storage variable and can be read by anyone.

Vulnerability Details

The intended way of accessing the password is through the getPassword() function which has an onlyOwner check. The password is however stored unencrypted as a private storage variable which can be accessed by anyone by reading the storage slot directly bypassing the getPassword() function.

Impact

The password is stored unencrypted in storage slot 1:

contract PasswordStore {
error PasswordStore__NotOwner();
address private s_owner; // storage slot 0
-> string private s_password; // storage slot 1

To access the contracts storage slot, use the following command in Foundry

cast storage <contract-address> <storage-slot> --rpc-url <rpc-url>

It can the be read as ascii by using the following foundry command cast to-ascii <hex-data>

Tools Used

foundry

Recommendations

If the password is going to be stored on chain it has the be encrypted.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 2 years ago
inallhonesty Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-anyone-can-read-storage

Private functions and state variables are only visible for the contract they are defined in and not in derived contracts. In this case private doesn't mean secret/confidential

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.