Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: medium
Invalid

Unable to get user password except owner

Summary

It is assumed that, apart from owners, other users will also be utilizing this contract. However, password retrieval is currently not feasible within the given contract.

Vulnerability Details

The primary vulnerability in the contract lies in the logic of the getPassword function. This function consistently checks whether the requesting sender is the owner. If the sender is not the owner, it instantly raises an error. Consequently, no one, except for the owner, can access their passwords through this function.

Impact

This vulnerability significantly impacts the contract's functionality. Users, other than the owner, are unable to retrieve their passwords, and any attempt to do so results in an immediate error.

Tools Used

Foundry

Recommendations

To address this issue, it is recommended that the getPassword function should be modified. Before granting access, it should first check if the sender's address is stored in the contract we can't use even logs as event logs don't have access in contract

Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.