Beginner Friendly Foundry
Submission Details
Severity: high
Invalid

Empty string can be used to set password

Summary

The owner can set the password to an empty string.

Vulnerability Details

setPassword() does not check whether newPassword is empty:

function setPassword(string memory newPassword) external {
    s_password = newPassword;
    emit SetNetPassword();
}

POC:

function test_empty_string() public {
    vm.startPrank(owner);
    string memory expectedPassword = "";
    passwordStore.setPassword(expectedPassword);
    string memory actualPassword = passwordStore.getPassword();
    assertEq(actualPassword, expectedPassword);
}

Output:

[⠢] Compiling...
[⠆] Compiling 3 files with 0.8.18
[⠰] Solc 0.8.18 finished in 982.88ms
Compiler run successful!
Running 1 test for test/PasswordStore.t.sol:PasswordStoreTest
[PASS] test_empty_string() (gas: 16815)
Traces:
[17292] PasswordStoreTest::test_empty_string()
├─ [0] VM::startPrank(DefaultSender: [0x1804c8AB1F12E6bbf3894d4083f33e07309d1f38])
│ └─ ← ()
├─ [5333] PasswordStore::setPassword()
│ ├─ emit SetNetPassword()
│ └─ ← ()
├─ [3065] PasswordStore::getPassword() [staticcall]
│ └─ ←
└─ ← ()
Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 5.55ms
Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)

Impact

Other people can guess the password.

Tools Used

Foundry

Recommendations

Check whether newPassword is empty before storing it:

function setPassword(string memory newPassword) external {
+   require(bytes(newPassword).length > 0, "empty password");
    s_password = newPassword;
    emit SetNetPassword();
}
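An added Foundry test for the recommended check (example code, not from the submission or the audited contract). It uses a minimal stand-in contract whose owner gating is an assumption, and asserts that setPassword("") now reverts with the "empty password" reason while a non-empty password is still stored.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;

import {Test} from "forge-std/Test.sol";

// Stand-in for PasswordStore with the recommended check added.
// The owner check is assumed; only setPassword/getPassword/SetNetPassword come from the report.
contract PasswordStoreFixed {
    event SetNetPassword();

    address private immutable s_owner;
    string private s_password;

    constructor() {
        s_owner = msg.sender;
    }

    function setPassword(string memory newPassword) external {
        require(msg.sender == s_owner, "not owner");
        // The recommended fix: reject an empty password before it is stored.
        require(bytes(newPassword).length > 0, "empty password");
        s_password = newPassword;
        emit SetNetPassword();
    }

    function getPassword() external view returns (string memory) {
        require(msg.sender == s_owner, "not owner");
        return s_password;
    }
}

contract PasswordStoreFixedTest is Test {
    PasswordStoreFixed private store;
    address private owner = makeAddr("owner"); // constructed test address

    function setUp() public {
        vm.prank(owner);
        store = new PasswordStoreFixed();
    }

    // The original POC scenario: with the check in place, the empty string is rejected.
    function test_empty_string_reverts() public {
        vm.prank(owner);
        vm.expectRevert(bytes("empty password"));
        store.setPassword("");
    }

    // Regression check: a non-empty password still round-trips through the store.
    function test_non_empty_string_is_stored() public {
        vm.startPrank(owner);
        store.setPassword("correct horse");
        assertEq(store.getPassword(), "correct horse");
        vm.stopPrank();
    }
}
```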
Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Admin Input/call validation
