sponsor logo

First Flight #1


First Flight #1: PasswordStore

First Flight Initiative - New to Web3 Security? Start your journey here! PasswordStore is a simple solidity protocol meant to allow the owner to store and retrieve their password securely. Never worry about forgetting your password again!

Start Date Oct 18th, 2023 (12:00)
End Date Oct 25th, 2023 (12:00)
Time Left 0d/0h/0m
Rewards 2x XP boost

What is a CodeHawks First Flight?

First Flights are 7 days long smart contracts auditing challenges characterised by smaller codebases and different rewards mechanisms from our standard smart contract auditing competitions, making them the perfect testing and learning ground for any aspirant smart contract security auditor.

Every week a new First Flight is announced and will be available on the codehawks.com platform to join for 7 days.

Differently from the CodeHawks smart contract auditing competitions, First Flights do not come with monetary prize pools but grant participants a multiplier on the XP earned by submitting findings.

For more information: CodeHawks Docs

First Flight #1: PasswordStore

Contest Details

Prize Pool

  • 2x XP/Finding!

  • High - 200xp

  • Medium - 40xp

  • Low - 4xp

  • Starts: 00:00 UTC Wednesday, Oct 18 2023

  • Ends: 00:00 UTC Wednesday, Oct 25 2023


  • nSLOC: 20
  • Complexity Score: 10


A smart contract application for storing a password. Users should be able to store a password and then retrieve it later. Others should not be able to access the password.

Getting Started


  • git
    • You'll know you did it right if you can run git --version and you see a response like git version x.x.x
  • foundry
    • You'll know you did it right if you can run forge --version and you see a response like forge 0.2.0 (816e00b 2023-03-16T00:05:26.396218Z)


git clone https://github.com/Cyfrin/2023-10-PasswordStore
cd 2023-10-PasswordStore
​forge install foundry-rs/forge-std --no-commit
forge build

Optional Gitpod

If you can't or don't want to run and install locally, you can work with this repo in Gitpod. If you do this, you can skip the clone this repo part.

Open in Gitpod


Deploy (local)

  1. Start a local node
make anvil
  1. Deploy

This will default to your local node. You need to have it running in another terminal in order for it to deploy.

make deploy


forge test

Test Coverage

forge coverage

and for coverage based testing:

forge coverage --report debug

Audit Scope Details

  • Commit Hash: 2e8f81e263b3a9d18fab4fb5c46805ffc10a9990
  • In Scope:
└── PasswordStore.sol


  • Solc Version: 0.8.18
  • Chain(s) to deploy contract to: Ethereum


Owner - Only the owner may set and retrieve their password

Known Issues


Create the audit report

View the audit-report-templating repo to install all dependencies.

cd audits
pandoc 2023-09-01-password-store-report.md -o report.pdf --from markdown --template=eisvogel --listings