Submission Details
Severity: high
Valid

`setPassword` function is vulnerable to mempool attacks.

Summary

Never store passwords on-chain because user-passed arguments to functions will always be visible to miners.

Vulnerability Details

```solidity
function setPassword(string memory newPassword) external {
    s_password = newPassword;
    emit SetNetPassword();
}
```

PasswordStore.sol - Lines 26 - 29

The setPassword function takes the newPassword as an argument and stores it in the s_password state variable.

This is vulnerable to mempool attacks because once a user submits a transaction to set a new password, the transaction waits in the mempool, where a miner can view it before including it in the next block for on-chain confirmation.

If the miner is malicious, they can read the user-submitted password from the transaction and potentially act maliciously.

Impact

The attacker will have access to the password, which can be used to exploit areas where the owner utilizes this password. Based on the user's password pattern, the attacker can also predict passwords for the owner's other platforms.

Tools Used

Manual Review

Recommendations

Never store passwords on-chain.
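
The visibility described under Vulnerability Details, shown as an added example (not part of the submission or of PasswordStore.sol): a `string` argument is ABI-encoded as plain UTF-8 bytes in the transaction input, so the value can be read straight back out of it. The 4-byte selector is a placeholder and the password is a constructed sample.

```python
# Added illustration. The selector is a placeholder, not the real selector of
# setPassword(string): computing that needs Keccak-256, which is not in the
# Python standard library. The sample password is constructed.
PLACEHOLDER_SELECTOR = bytes(4)
WORD = 32  # ABI word size in bytes


def encode_set_password_calldata(new_password: str) -> bytes:
    """ABI-encode a call that takes a single `string` argument."""
    data = new_password.encode("utf-8")
    padded = data + b"\x00" * (-len(data) % WORD)   # right-pad to a word boundary
    head = WORD.to_bytes(WORD, "big")               # offset of the string in the argument area
    length = len(data).to_bytes(WORD, "big")        # byte length of the string
    return PLACEHOLDER_SELECTOR + head + length + padded


def decode_string_argument(calldata: bytes) -> str:
    """Recover the single `string` argument from raw transaction input."""
    if len(calldata) < 4 + 2 * WORD:
        raise ValueError("calldata too short for a string argument")
    args = calldata[4:]                             # drop the function selector
    offset = int.from_bytes(args[:WORD], "big")
    if offset + WORD > len(args):
        raise ValueError("string offset points outside calldata")
    length = int.from_bytes(args[offset:offset + WORD], "big")
    start = offset + WORD
    if start + length > len(args):
        raise ValueError("string length exceeds calldata")
    return args[start:start + length].decode("utf-8")


if __name__ == "__main__":
    tx_input = encode_set_password_calldata("constructed-sample-password")
    print("tx input:", "0x" + tx_input.hex())
    print("decoded :", decode_string_argument(tx_input))
```

No key or contract access is involved in the decoding step, which is why the recommendation is to keep the secret off-chain rather than to restrict who can call the function.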

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-anyone-can-read-storage

Private functions and state variables are only visible for the contract they are defined in and not in derived contracts. In this case, private doesn't mean secret/confidential.
