Root + Impact

Secret here is set as UTf-8 which is not encrypting data and will be decode automatically on blockchain explorer,where any one can see it as plain text,so any one can see the secret of any user in plain text on chain.

Description

• A “secret vault” should not expose raw sensitive data to the public. On-chain data is readable by anyone, so secrets must be encrypted or stored as hashes/commitments.

• The Vault stores secret in UTF-8 encode format**.**UTF-8 is a character encoding, not an encryption method. It merely defines how text is represented as bytes. If you store secret data in UTF-8 on a blockchain, it remains plaintext and fully readable to anyone.

  
  

• Secrets are stored using string::utf8(secret) which encodes data as UTF-8, not encrypts it. This results in plaintext storage on-chain, fully visible to anyone via:

  • Blockchain explorers

  • SDKs

  • Node queries

    
    

Risk

Likelihood:

• This occurs every time set_secret is used UTF-8/plaintext is committed to state.

• When get_secret is used plain text will be logged on the blockchain as plain text.

• Blockchain transparency ensures any node or indexer can read the data.

• Message or transaction done on chain is visible to the public over blockchain explorer.

  
  

Impact:

• Complete loss of confidentiality for all “secrets” stored.

• Undermines the purpose of having a “secret vault” entirely.

• Any one/Everyone can see other user's secret stored in the Smartcontract.

Proof of Concept

Recommended Mitigation

• Do not store any secret/sensetive data on chain.

• Encrypt and the Secret with strong algorith and than store that encrypted values on chain.

• Implement Move Commitment scheme for better security as shown below.