Submission Details
Severity:
The Misleading Comment
Summary
I found a misleading comment into passwordStore.sol (source code) at line number 33.
Source code's comments are poorly written.
Vulnerability Details
/* <- poor comment design implementation. Missing a *
* @notice This allows only the owner to retrieve the password.
* @param newPassword The new password to set. ❌ misleading comment.
*/
function getPassword() external view returns (string memory) {
if (msg.sender != s_owner) {
revert PasswordStore__NotOwner();
}
return s_password;
}
// Cleaned version 👇
/**
* @notice This allows only the owner to retrieve the password.
* @return string Returns the password string if and only if Requester is the owner. // Return info was missing ✅
*/
function getPassword() external view returns (string memory) {
if (msg.sender != s_owner) {
revert PasswordStore__NotOwner();
}
return s_password;
}
Impact
Can Mislead web3 devs or any source code reader.
Tools Used
Manually Hunted.
Recommendations
Please remove that misleading comment, add a * to the head of each comment and Please add a comment that describes function return information.
Updates
Rewards breakdown
nSLOC
20This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.