Secret Vault

First Flight #46
Beginner Friendly, Wallet
100 EXP
Submission Details
Impact: medium
Likelihood: high
Invalid

No Destroy/Erase Path Locks Users Into Perpetual Data Retention and Storage Rent

Root + Impact

Description

  • Normal behavior: Owner should be able to rotate or delete secrets, and reclaim storage when a vault is no longer needed.
  • Issue: There is no function to move_from<Vault> the resource. Users can never erase leaked/compromised data or reclaim storage. On Aptos, state size costs money; without deletion, the rent-like liability persists.

// No function exists to remove the resource:
// @> struct Vault has key { secret: String }
// @> move_to(caller, secret_vault);
// ...but no move_from<Vault>(addr) anywhere.

Risk

Likelihood:

  • Reason 1: Users make mistakes and need to rotate or purge secrets.
  • Reason 2: Projects deprecate features; without a destroy path, state lingers forever.

Impact:

  • Impact 1: Permanent on-chain exposure if the plaintext is ever read; user cannot wipe.
  • Impact 2: Ongoing storage costs with no way to reclaim.

Proof of Concept

// After creating a Vault, attempts to remove it are impossible via public API.
// Any attempt by integrators to overwrite with empty string still leaves history visible.

Recommended Mitigation

+ public entry fun delete_secret(s: &signer) acquires Vault {
+ let owner = signer::address_of(s);
+ assert!(exists<Vault>(owner), E_VAULT_NOT_FOUND);
+ let _dead = move_from<Vault>(owner);
+ // optionally emit a deletion event
+}
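
Review bot: The `let _dead = move_from<Vault>(owner);` line will not compile as written. `Vault` is declared with only the `key` ability (`struct Vault has key { secret: String }`), and a value without `drop` cannot be left in a local when the function returns; the leading underscore does not change that. Unpack the resource instead, for example `let Vault { secret: _ } = move_from<Vault>(owner);`. `E_VAULT_NOT_FOUND` is also not defined in the lines shown, so the patch should add the constant or reuse an existing error code. Since the report itself notes that history stays visible, the function's doc comment should say it frees the storage slot and not that it erases a secret that was already written.
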
Updates

Lead Judging Commences

bube Lead Judge 12 days ago
Submission Judgement Published
Invalidated
Reason: Design choice
