First Flight #1: PasswordStore
First Flight #1
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Insufficient Data in Custom Error `PasswordStore__NotOwner`

nisedo

Vulnerability Details

The PasswordStore.sol contract utilizes a custom error, PasswordStore__NotOwner, to handle unauthorized access attempts to the getPassword function. While custom errors are a valuable feature to provide more descriptive error messages, the current implementation of PasswordStore__NotOwner does not include any additional details or parameters about the error context. Detailed error messages can provide insights such as the offending address or specific conditions that triggered the error, aiding in debugging and understanding unauthorized access attempts.

11 error PasswordStore__NotOwner();

Impact

Low. The lack of detailed information in the custom error may not directly compromise the contract's security. However, it reduces the transparency and traceability of unauthorized actions, making it more challenging for developers, auditors, or contract administrators to diagnose issues or detect malicious activity.

Recommendations

Modify the PasswordStore__NotOwner custom error to include parameters that provide context about the error, such as the address that triggered it:

+ error PasswordStore__NotOwner(address caller);

And when reverting, use:

+ revert PasswordStore__NotOwner(msg.sender);
Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.