First Flight #1: PasswordStore
First Flight #1
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Non-owner can set new password

0xdangit

Summary

Any user (not just the owner) can set a new password, overwriting the stored one.

Vulnerability Details

The function setPassword(string memory newPassword) does not check that the user calling the function is actually the owner of the Password Store. As a result, anyone can call the function and set a new password, overwriting the stored one.

Impact

The stored password is lost - a severe disruption of protocol functionality. Easily exploited - see Foundry/Forge PoC below.

function test_non_owner_can_set_password() public {
// Set the password using an account different to the owner.
vm.startPrank(address(0xda));
string memory newPassword = "should not work";
passwordStore.setPassword(newPassword);
vm.stopPrank();
// Change to the owner account to retrieve the stored password.
vm.startPrank(owner);
assertEq(newPassword, passwordStore.getPassword());
}

Tools Used

Foundry/Forge

Recommendations

Only allow the owner to use the setPassword(string memory newPassword) function to set the password.

function setPassword(string memory newPassword) external {
+ if (msg.sender != s_owner) {
+ revert PasswordStore__NotOwner();
+ }
s_password = newPassword;
emit SetNetPassword();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-lacking-access-control

Anyone can call `setPassword` and set a new password contrary to the intended purpose.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.