It is not safe to save secrets on the blockchain
Summary
It is not safe to store secrets on the blockchain.
Vulnerability Details
If it is on a blockchain, all the data are supposed to be public and there is no way you can store any kind of secret in plain text. The secret will be like announced publicly to the world if there is a dev with minial skills who can check the so-called "private" state variables.
after run the $ make anvil and $make deploy command we run the POC as below:
Impact
The main function of this smart contract fails.
Tools Used
Foundry - anvil, cast, forge
Recommendations
never store the password in plain text on chain. This will fail.
Store the information off-chain and you can store the hashed value of the password on-chain.
Even though people can see the hashed value, they will not know your secret value behind the scene.
Lead Judging Commences
finding-anyone-can-read-storage
Private functions and state variables are only visible for the contract they are defined in and not in derived contracts. In this case private doesn't mean secret/confidential
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.