Submission Details
Severity: high
Valid

`PasswordStore: s_password` can be retrieved

Summary

The password, which is meant to be kept in a private storage variable (s_password), can be retrieved by anyone.

Vulnerability Details

The private state variable s_password can be read publicly with em.storage, Hardhat, or Foundry tools through RPC calls, because the EVM stores the data in known storage slots. The password can therefore be used to exploit the owner. The snippet below retrieves the password.

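```solidity
// Slot 1 holds s_password. A string shorter than 32 bytes is stored inline:
// data left-aligned, with (length * 2) in the lowest-order byte.
bytes32 password = vm.load(address(passwordStore), bytes32(uint256(1)));
uint8 passwordLength = uint8(uint256(password)) / 2;
if (passwordLength > 0) {
    // Clear the trailing length byte. Shift counts are in bits, so convert bytes to bits.
    uint256 shift = uint256(32 - passwordLength) * 8;
    password = (password >> shift) << shift;
    // vm.toString(bytes32) prints the value as a hex string.
    console.log('Retrieved Password: ', vm.toString(password));
}
```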
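
Added example (not part of the original submission): a Python decoder for the 32-byte word that an `eth_getStorageAt` RPC call returns for a `string` slot such as `s_password`, covering both the inline form used for strings shorter than 32 bytes and the out-of-line form that the Foundry snippet above does not handle. The function name and the sample words are constructed for illustration.

```python
# Added example: interpret the raw word of a Solidity `string` storage slot.
# An auditor can use this to show what a "private" string slot reveals.

def decode_string_slot(word_hex: str) -> dict:
    """Decode one 32-byte storage word using Solidity's string/bytes layout."""
    raw = bytes.fromhex(word_hex.removeprefix("0x")).rjust(32, b"\x00")
    if len(raw) != 32:
        raise ValueError("a storage word is exactly 32 bytes")
    word = int.from_bytes(raw, "big")
    if word & 1 == 0:
        # Short form (< 32 bytes): data left-aligned, lowest byte = length * 2.
        length = raw[31] // 2
        if length > 31 or any(raw[length:31]):
            raise ValueError("not a valid short-string encoding")
        return {"inline": True, "length": length, "data": raw[:length]}
    # Long form (>= 32 bytes): the slot holds length * 2 + 1 and the data
    # starts at storage position keccak256(slot), so it is not in this word.
    return {"inline": False, "length": (word - 1) // 2, "data": None}


# Constructed sample words (not taken from any deployed contract).
SHORT_WORD = "0x" + b"myPassword".hex() + "00" * 21 + "14"  # 10 bytes, 0x14 = 20
LONG_WORD = "0x" + "00" * 31 + "51"                         # 0x51 = 40 * 2 + 1
EMPTY_WORD = "0x" + "00" * 32                               # unset string

if __name__ == "__main__":
    for name, sample in [("short", SHORT_WORD), ("long", LONG_WORD), ("empty", EMPTY_WORD)]:
        print(name, decode_string_slot(sample))
```
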

Impact

Severe/High - depends on the value the password holds.

Tools Used

Foundry => attack test

Recommendations

Do not store sensitive data on the EVM. Store it in private paper notes, or use the Lighthouse protocol to store the data with a private wallet, so that the data can be retrieved only by someone who holds the private key.

Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-anyone-can-read-storage

Private functions and state variables are only visible for the contract they are defined in and not in derived contracts. In this case private doesn't mean secret/confidential
