The current contract presents a significant vulnerability where users are unable to set a password.
The critical vulnerability resides within the setPassword function. Although this function takes a password as input, it does not effectively set the password, because the event it emits has no parameters. Consequently, any password entered remains unrecorded within the contract or transaction log. The issue is exacerbated by the fact that the password input is held in temporary memory and is never passed to the event, resulting in no password storage.
The overall functionality of the contract is severely compromised as users cannot successfully set or store passwords within the given contract.
Foundry
To rectify this issue, it is recommended that the event be modified to include parameters, with the password being stored in a hashed format instead of plain text. Additionally, the sender's address should be included in the event parameters to facilitate later retrieval by the sender when interacting with the contract.
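The recommendation above, sketched as an added example; this is not the audited contract's code. The contract name, event name, state variable, the per-sender mapping, and the choice of keccak256 over the sender address plus the password are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical names throughout; illustrates the recommended event shape only.
contract PasswordEventSketch {
    // One hash per sender, so each caller can later look up its own entry.
    // Only the hash is kept in storage, never the plain text.
    mapping(address => bytes32) private s_passwordHashOf;

    // The event carries the parameters the recommendation asks for:
    // the sender (indexed, so logs can be filtered by address) and the hash.
    event PasswordSet(address indexed sender, bytes32 passwordHash);

    function setPassword(string calldata newPassword) external {
        // Binding the hash to msg.sender means two senders with the same
        // password do not produce the same logged value.
        bytes32 digest = keccak256(abi.encodePacked(msg.sender, newPassword));
        s_passwordHashOf[msg.sender] = digest;
        emit PasswordSet(msg.sender, digest);
    }

    // Lets the sender check a candidate password against its stored hash.
    function checkPassword(string calldata candidate) external view returns (bool) {
        bytes32 stored = s_passwordHashOf[msg.sender];
        if (stored == bytes32(0)) {
            return false; // nothing set for this sender yet
        }
        return keccak256(abi.encodePacked(msg.sender, candidate)) == stored;
    }
}
```

Transaction calldata and event logs are publicly readable, so the plain-text argument to setPassword is still visible on-chain and a hash of a guessable password can be tested offline. Computing the hash client-side and submitting only the digest removes the first exposure.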