Submission Details
Severity: high
Invalid

Password storing logic

Summary

The contract has only one owner variable and one password variable. Multiple users can't store their passwords.

Vulnerability Details

DoS: after one user has stored his password, the contract will be only for him.

Impact

Tools Used

Manual review

Recommendations

Use:

  1. mapping(address => string) private passwords;

  2. Change the setPassword logic: passwords[msg.sender] = newPasswords;

  3. Change the getPasswords() logic. Change this line: https://github.com/Cyfrin/2023-10-PasswordStore/blob/7a2fc760235c4f4809511186ff9a061c2ec68634/src/PasswordStore.sol#L39C27-L39C27
    return passwords[msg.sender];

  4. Remove lines 13, 14, 19. These lines will be unused after the changes above.
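
The change recommended above, worked through as an added example (not part of the submission or of the PasswordStore repository): a per-caller mapping, plus a Foundry test showing that two users no longer overwrite each other. The contract name, function names, pragma version and test addresses are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // compiler version is an assumption

import {Test} from "forge-std/Test.sol";

// Hypothetical contract: one password slot per caller instead of a
// single owner/password pair.
contract PerUserPasswordStore {
    // `private` only hides the variable from other contracts; anyone
    // inspecting chain state can still read the stored values.
    mapping(address => string) private passwords;

    function setPassword(string memory newPassword) external {
        passwords[msg.sender] = newPassword;
    }

    function getPassword() external view returns (string memory) {
        return passwords[msg.sender];
    }
}

contract PerUserPasswordStoreTest is Test {
    PerUserPasswordStore store;
    address alice;
    address bob;

    function setUp() public {
        store = new PerUserPasswordStore();
        alice = makeAddr("alice"); // constructed test addresses
        bob = makeAddr("bob");
    }

    function test_usersDoNotOverwriteEachOther() public {
        vm.prank(alice);
        store.setPassword("alice-secret");
        vm.prank(bob);
        store.setPassword("bob-secret");

        // Each caller reads back only the entry keyed by its own address.
        vm.prank(alice);
        string memory fromAlice = store.getPassword();
        vm.prank(bob);
        string memory fromBob = store.getPassword();

        assertEq(fromAlice, "alice-secret");
        assertEq(fromBob, "bob-secret");
    }
}
```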

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other