Unauthorized Access Vulnerability
Summary
This contract has a potential vulnerability where non-owners could set passwords and could tamper with the security of this password store contract, it could also risk exposing the password in plain text when deployed
Vulnerability Details
The vulnerability lies in the setPassword function as it does not have a modifier to restrict its usage to the owner. This could result in great exploitation by non-owners as any potential funds tied to the contract could be stolen
Impact
If this vulnerability were exploited, a malicious person could set a password on the contract, preventing the legitimate owner from accessing their own contract. This could lead to loss of control over the contract and potential loss of any funds or data stored in the contract.
Tools Used
The vulnerability was identified using Foundry, a smart contract development and testing framework for Solidity
Recommendations
The recommended solution for this vulnerability is to add a modifier to the setPassword function that checks if the address of the msg.sender is the contract owner. This would ensure that only the owner can set the password.
Lead Judging Commences
finding-lacking-access-control
Anyone can call `setPassword` and set a new password contrary to the intended purpose.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.