There is a potential gas-limit concern when executing setPassword. If the password provided to the contract is a very long string, the transaction can exceed the gas limit for Ethereum transactions, which can lead to issues with transaction execution.
There is a gas limit on each transaction.
If a user attempts to set a password that is an extremely long string, executing the transaction could require too much gas. If the gas required exceeds the gas limit, the transaction will be rejected by the network. As a result, the password update would fail, and the user's transaction fee would be wasted.
The impact of this issue is that users interacting with the contract could experience transaction failures if they attempt to set or update a very long password. Additionally, users would pay transaction fees without achieving their intended action.
No tools used. It was discovered through manual inspection of the contract.
To address this issue, it is recommended to consider implementing input validation within the contract to check the length of the password before attempting to update it.
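One way to implement the recommended length check, as an added example that is not the audited contract's own code. The contract name, the storage variable `s_password`, the event, the custom error and the 64-byte cap are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration only. All names below and the cap value are assumptions,
/// not taken from the audited contract.
contract BoundedPasswordStore {
    // Assumed upper bound in bytes; pick it from the gas budget the
    // application is willing to accept for a single update.
    uint256 public constant MAX_PASSWORD_LENGTH = 64;

    // Reverting with the offending length makes failed calls easy to diagnose.
    error PasswordTooLong(uint256 length, uint256 maxLength);

    event PasswordUpdated();

    string private s_password;

    function setPassword(string calldata newPassword) external {
        // bytes(...).length is the UTF-8 byte length, not the character count.
        // The byte length is what determines how many storage slots are written.
        uint256 length = bytes(newPassword).length;

        // Validate before touching storage so an oversized input reverts
        // without paying for any storage writes.
        if (length > MAX_PASSWORD_LENGTH) {
            revert PasswordTooLong(length, MAX_PASSWORD_LENGTH);
        }

        s_password = newPassword;
        emit PasswordUpdated();
    }
}
```

Because the check runs before the storage assignment, gas estimation for an oversized password fails with `PasswordTooLong` before the user signs and broadcasts the transaction.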