It is assumed that, apart from owners, other users will also be utilizing this contract. However, password retrieval is currently not feasible within the given contract.
The primary vulnerability in the contract lies in the logic of the getPassword function. This function consistently checks whether the requesting sender is the owner. If the sender is not the owner, it instantly raises an error. Consequently, no one, except for the owner, can access their passwords through this function.
This vulnerability significantly impacts the contract's functionality. Users, other than the owner, are unable to retrieve their passwords, and any attempt to do so results in an immediate error.
Foundry
To address this issue, it is recommended that the getPassword function should be modified. Before granting access, it should first check if the sender's address is stored in the contract we can't use even logs as event logs don't have access in contract
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.