[L-01] Enhancement of Owner Address Immutability in PasswordStore Contract
Summary
The PasswordStore contract in the given Solidity code is designed to allow a user to store and update a password. The owner of the contract is assigned during contract deployment. However, the s_owner variable is defined as private but not immutable, which, although doesn't pose a security threat, goes against the optimization and clarity best practices.
Vulnerability Details
In the given contract, the s_owner variable is defined as address private s_owner;. However, since the owner address is set at the time of contract deployment and is not meant to be changed afterward, it is a good practice to declare the s_owner variable as immutable. Immutable variables can also help save gas as they allow for certain optimizations by the Solidity compiler.
Impact
The impact of this issue is low. It doesn't pose a security risk but missing out on declaring s_owner as immutable might lead to slight gas inefficiencies during contract execution. Additionally, not adhering to this best practice can potentially cause confusion or errors in more complex contracts or if the contract undergoes future development.
Tools Used
Manual Code Review
Recommendations
It's recommended to change the declaration of s_owner from:
to:
This change reflects the intent that the owner address is set at contract deployment and should not change afterward, and allows the Solidity compiler to apply optimizations that can save gas. Making this change will align the contract with Solidity best practices for state variable immutability.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.