Secret Vault
First Flight #46
Beginner FriendlyWallet
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: medium
Invalid

View Function Cannot Be Called From Wallet

i_atiq

Summary

The function get_secret is intended to be a view function. But this function cannot be called from a wallet. It can only be called from a script or another contract. As a result, owner cannot call it from his wallet which is a loss of functionality. This function is not marked as entry, which means it cannot be called directly by end-users via transactions

#[view]
public fun get_secret (caller: address):String acquires Vault{
assert! (caller == @owner,NOT_OWNER);
let vault = borrow_global<Vault >(@owner);
vault.secret
}

  • This function is public fun, not public entry fun.

  • Owner cannot call this function directly from his wallet or via a transaction (cli).

  • Only other Move modules or scripts can call this function.

Impact

Fuction cannot be called from a wallet and if the owner is non technical, it will not be possible for him to manage it

Mitigation

Add entry on the function get_secret, such as:

- public fun get_secret (caller: address):String acquires Vault{
+ public entry fun get_secret (caller: address):String acquires Vault{
assert! (caller == @owner,NOT_OWNER);
let vault = borrow_global<Vault >(@owner);
vault.secret
}
Updates

Lead Judging Commences

bube Lead Judge 11 days ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.