✅Vault

private state variable

Description

Unlock the vault to pass the level!

Code Audit

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) public {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}

Take a look at bytes32 private password. The keyword private in Solidity can be misleading: although it is meant to be "private", everything is indeed public on the blockchain. The private only means "other contracts are not allowed to read it".

Solution

The state variable password is located in storage #1 (#0 is the state variable locked). Grab it from the challenge contract storage:

await web3.eth.getStorageAt(contract.address, 1)

Unlock the vault with the password (in hex format) you just obtained:

await contract.unlock("0x412076657279207374726f6e67207365637265742070617373776f7264203a29")

Verify that the vault is now unlocked:

await contract.locked()

This should return false.

Click "Submit instance" and move on to the next level.

Summary

It's important to remember that marking a variable as private only prevents other contracts from accessing it. State variables marked as private and local variables are still publicly accessible.

To ensure that data is private, it needs to be encrypted before being put onto the blockchain. In this scenario, the decryption key should never be sent on-chain, as it will then be visible to anyone who looks for it. zk-SNARKs provide a way to determine whether someone possesses a secret parameter, without ever having to reveal the parameter.