Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: high
Invalid

Hardcoded Secrets

Summary

Sensitive information like API keys or passwords is hardcoded, exposing it to misuse.

Vulnerability Details

Affected Code Sections: src/config/config.js (lines 10-12)

Details: API keys exposed in version control history.

Code Snippet:

const apiKeys = {
  secretKey: 'YOUR_SECRET_KEY_HERE',
  apiKey: 'YOUR_API_KEY_HERE'
};

Impact

Unauthorized access to third-party services and data leaks.

Tools Used

Recommendations

Remove hardcoded secrets; use environment variables or secret management tools (e.g., dotenv, AWS Secrets Manager).

Use .gitignore and Git hooks to prevent sensitive info commits.
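
One way to implement the Git-hook check mentioned in the recommendations, as an added example that is not part of the submission or the audited code base: a scanner that flags string literals assigned to secret-named keys and separates placeholders from likely real values. The key-name pattern, placeholder pattern and entropy threshold are assumptions.

```javascript
// Added example, not code from the submission or the audited project.
// Key-name list, placeholder pattern and entropy threshold are assumptions.
const SECRET_NAME = /(secret|api[_-]?key|password|token)/i;
const PLACEHOLDER = /^(YOUR_|CHANGE_?ME|<.*>$)/i;
// name: 'literal' or name = "literal"; process.env lookups have no quote.
const ASSIGNMENT = /([A-Za-z_$][\w$]*)\s*[:=]\s*(['"])([^'"]*)\2/g;

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Returns one finding per secret-named key that is assigned a string literal.
function scanSource(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const [, name, , value] of text.matchAll(ASSIGNMENT)) {
      if (!SECRET_NAME.test(name) || value.length === 0) continue;
      let kind = 'literal';
      if (PLACEHOLDER.test(value)) kind = 'placeholder';
      else if (value.length >= 16 && entropy(value) >= 3.5) kind = 'likely-secret';
      findings.push({ line: i + 1, name, kind });
    }
  });
  return findings;
}

// A pre-commit hook would exit non-zero when this returns true.
function shouldBlockCommit(findings) {
  return findings.some((f) => f.kind !== 'placeholder');
}

// The snippet quoted in the submission.
const PAGE_SNIPPET = `const apiKeys = {
secretKey: 'YOUR_SECRET_KEY_HERE',
apiKey: 'YOUR_API_KEY_HERE'
};`;
// Constructed sample; the literal is random text, not a real credential.
const CONSTRUCTED_SAMPLE = `const cfg = {
  apiKey: process.env.API_KEY,
  secretKey: 'q7Zr2LmX9vB4tHc1WdK8eYpA',
  timeout: '30'
};`;

console.log(scanSource(PAGE_SNIPPET), shouldBlockCommit(scanSource(PAGE_SNIPPET)));
console.log(scanSource(CONSTRUCTED_SAMPLE), shouldBlockCommit(scanSource(CONSTRUCTED_SAMPLE)));
```

On the snippet quoted in the submission the scanner reports two placeholder findings and does not block; on the constructed sample it ignores the `process.env` lookup and blocks on the high-entropy literal.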

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
