Secret Vault

First Flight #46
Beginner Friendly
Wallet
100 EXP
Submission Details
Severity: high
Valid

Unauthorized Secret Retrieval in SecretVault Allows Any User to Access Sensitive Data

Description

  • The contract fails to enforce access control on the get_secret() (or equivalent retrieval) function.

  • This means any user can read the stored secret directly from the contract, defeating the purpose of storing it securely.

    // No owner check here
    public fun get_secret(addr: address): vector<u8> acquires Vault {
        let vault = borrow_global<Vault>(addr);
        vault.secret
    }

Risk: High

Likelihood:

  • This occurs every time an attacker misuses the function.

Impact: High

  • Complete loss of confidentiality for the stored secret.

  • Owner’s private data becomes publicly accessible to all blockchain participants.

  • Users lose trust in the application, as the core promise (“only the owner can access the secret”) is broken.

Proof of Concept

1. Alice stores her secret in the contract using store_secret().

2. Mallory (attacker) calls:

    let stolen_secret = SecretVault::Vault::get_secret(@alice);

3. Mallory now has full access to Alice’s secret.
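
An added example, not code from the submission or the SecretVault project: a Move unit-test module that reproduces the proof-of-concept steps against the unchecked getter and confirms that a signer-checked getter aborts for a non-owner. The module address 0xCAFE, the Vault field layout, the name get_secret_unchecked, the test addresses and the secret bytes are assumptions constructed for illustration.

```move
module 0xCAFE::vault_demo {
    use std::signer;

    // Assumed layout: the submission does not show the Vault struct.
    struct Vault has key {
        owner: address,
        secret: vector<u8>,
    }

    public fun store_secret(owner: &signer, secret: vector<u8>) {
        move_to(owner, Vault { owner: signer::address_of(owner), secret });
    }

    // Vulnerable shape from the report: takes an address, never sees a signer.
    public fun get_secret_unchecked(addr: address): vector<u8> acquires Vault {
        *&borrow_global<Vault>(addr).secret
    }

    // Hardened shape: the caller must sign and must match the recorded owner.
    public fun get_secret(addr: address, caller: &signer): vector<u8> acquires Vault {
        let vault = borrow_global<Vault>(addr);
        assert!(signer::address_of(caller) == vault.owner, 1); // 1 = not authorized
        *&vault.secret
    }

    // Step 2 of the PoC as a test: the read succeeds with no signer for Alice.
    #[test(alice = @0xA11CE)]
    fun unchecked_getter_returns_secret_to_anyone(alice: &signer) acquires Vault {
        store_secret(alice, b"constructed-secret");
        assert!(get_secret_unchecked(@0xA11CE) == b"constructed-secret", 100);
    }

    // Regression test: Mallory's signer is rejected with abort code 1.
    #[test(alice = @0xA11CE, mallory = @0xBAD)]
    #[expected_failure(abort_code = 1, location = Self)]
    fun non_owner_is_rejected(alice: &signer, mallory: &signer) acquires Vault {
        store_secret(alice, b"constructed-secret");
        get_secret(@0xA11CE, mallory);
    }

    // The owner still reads her own secret through the checked getter.
    #[test(alice = @0xA11CE)]
    fun owner_can_read(alice: &signer) acquires Vault {
        store_secret(alice, b"constructed-secret");
        assert!(get_secret(@0xA11CE, alice) == b"constructed-secret", 101);
    }
}
```

Run it with `aptos move test` in a package that depends on the Move standard library. The check governs calls made through the module only; the Vault resource itself remains part of public on-chain state.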

Recommended Mitigation

// ✅ Added owner check to restrict access
public fun get_secret(addr: address, caller: &signer): vector<u8> acquires Vault {
let vault = borrow_global<Vault>(addr);
// Ensure only the owner can access their secret
+ assert!(
+ signer::address_of(caller) == vault.owner,
1 // error code: Not authorized
);
vault.secret
}
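
Review bot: the assert compares the caller against vault.owner, a field read from whatever resource sits at the caller-supplied addr, and the Vault definition is not shown here, so confirm that the field exists and is set once at store time. Since a &signer is now required, consider dropping the addr parameter and borrowing from signer::address_of(caller) directly, which removes both the comparison and the need for an owner field. The abort code should be a named constant rather than the literal 1, and the + markers cover only two of the changed lines (the new caller parameter and the rest of the assert are unmarked).
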
Updates

Lead Judging Commences

bube Lead Judge 11 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of signer check in `get_secret`
