The smart contract has a vulnerability where the setPassword function lacks an onlyOwner check. This means that anyone can modify the password storage, potentially compromising the security of the contract.
The vulnerability resides in the setPassword function, which allows users to update the password storage. However, the function does not include a modifier or check to ensure that only the contract owner can call it. As a result, any external party can call this function and modify the password, bypassing any intended access restrictions.
Without the onlyOwner check, anyone can modify the password storage, potentially gaining access to sensitive information or user accounts. This vulnerability poses a significant risk to the confidentiality and integrity of the system.
Manual code review
Implement an onlyOwner modifier or check within the setPassword function to ensure that only the contract owner can modify the password storage. This can be achieved by adding a require statement at the beginning of the function to verify the caller's identity.
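The recommendation above, sketched as a before/after pair. This is an added example, not the audited contract's code: the contract names, the `owner` and `password` variables, the function signature and the revert string are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Constructed sketch; all identifiers except setPassword/onlyOwner are assumed.

// Before: the setter has no caller check, as the finding describes.
contract PasswordStoreVulnerable {
    address private owner;
    string private password;

    constructor() {
        owner = msg.sender;
    }

    // Any address can overwrite the stored password.
    function setPassword(string memory newPassword) external {
        password = newPassword;
    }
}

// After: the write path is restricted to the deployer.
contract PasswordStoreFixed {
    address private immutable owner;
    string private password;

    constructor() {
        owner = msg.sender;
    }

    // The require runs before the function body and reverts for non-owners.
    modifier onlyOwner() {
        require(msg.sender == owner, "PasswordStore: caller is not the owner");
        _;
    }

    function setPassword(string memory newPassword) external onlyOwner {
        password = newPassword;
    }
}
```

A regression test for the fix should call `setPassword` from a non-owner address and assert that the call reverts and the stored value is unchanged.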
Anyone can call `setPassword` and set a new password, contrary to the intended purpose.