Submission Details
Severity: high
Invalid

`s_owner` cannot be updated

Summary

The private address variable s_owner cannot be updated after the contract is deployed.

Vulnerability Details

After the contract PasswordStore.sol is deployed, s_owner is the address that deployed the contract. The contract does not contain a function that allows for a change of owner.

Impact

The s_owner is a private variable that is set to the address of the account that deploys the contract. This is done in the constructor function of the contract PasswordStore.sol. The purpose of the contract is to allow users to store their passwords. The current configuration restricts usage to a single user, specifically the contract owner (s_owner). For additional users to utilize this contract's functionality, they would need to deploy the contract independently to assume ownership.

Tools Used

VS Code

Recommendations

Add functionality that makes it possible to transfer ownership from one owner to another, or add a list of users before the contract is deployed.
Also, you can use OpenZeppelin's Ownable contract to define the ownership of the contract. The owner is set to the address that deploys the contract, and can be transferred to another address using the transferOwnership() function provided by the Ownable contract.
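
A sketch of the ownership transfer recommended above, as an added example that is neither the PasswordStore.sol source nor OpenZeppelin's code. Only s_owner comes from the submission; the contract name, s_password, the setter and getter, and the choice to clear the stored value on transfer are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example. Hand-written single-step transfer in the style of an
// Ownable contract. All names except s_owner are hypothetical.
contract TransferablePasswordStore {
    error NotOwner();
    error ZeroAddressOwner();

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    address private s_owner;
    string private s_password; // hypothetical storage slot for the owner's entry

    constructor() {
        // Same starting state the submission describes: deployer is the owner.
        s_owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    modifier onlyOwner() {
        if (msg.sender != s_owner) revert NotOwner();
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        // Reject the zero address so the contract cannot be left ownerless by mistake.
        if (newOwner == address(0)) revert ZeroAddressOwner();
        address previousOwner = s_owner;
        s_owner = newOwner;
        // Assumption: clear the stored value so getPassword() does not return
        // the previous owner's entry to the new owner.
        delete s_password;
        emit OwnershipTransferred(previousOwner, newOwner);
    }

    function setPassword(string calldata newPassword) external onlyOwner {
        s_password = newPassword;
    }

    function getPassword() external view onlyOwner returns (string memory) {
        return s_password;
    }

    function owner() external view returns (address) {
        return s_owner;
    }
}
```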

Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
