Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Valid

Attacker can look up the password by reading the associated storage slot on the blockchain

Summary

Malicious actors can read the password without being able to call getPassword: they can simply read the contract's storage slot that holds s_password directly from the blockchain.

Vulnerability Details

Sensitive data should never be saved on the blockchain in plaintext. Even though the variable s_password is declared private and getPassword is protected by a check that only the owner can call it, an attacker can still read the storage slot associated with s_password (for example via the eth_getStorageAt JSON-RPC call, or with Foundry's cast storage) and recover it. By nature, all blockchain state is readable by everyone; the private keyword only restricts Solidity-level access from other contracts, it does not hide the data from anyone inspecting the chain.

Impact

This contract is not an appropriate tool for storing a private password, because the password can always be recovered by malicious actors reading the contract's storage.

Tools Used

Foundry

Recommendations

Do not store sensitive data on-chain. If s_password were already encrypted off-chain before being stored (so the owner only stores the ciphertext, and only the owner holds the key needed to decrypt it), storing it might be acceptable, but there is no such mechanism mentioned in the contract, as far as I can see.

Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-anyone-can-read-storage

Private functions and state variables are only visible to the contract they are defined in and not to derived contracts. In this case, private doesn't mean secret/confidential.
