contract have only one owner and one password variables. multiple users can't store their passwords.
DoS - after one user stored his password contract will be only for him.
Manual review
use:
mapping(address => string) private passwords;
change setPassword logic: passwords[msg.sender] = newPasswords;
change getPasswords() logic: change this line: https://github.com/Cyfrin/2023-10-PasswordStore/blob/7a2fc760235c4f4809511186ff9a061c2ec68634/src/PasswordStore.sol#L39C27-L39C27
return passwords[msg.sender]
;
remove 13, 14, 19 lines. this lines will be unused after changes above.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.