First Flight #1

completed

First Flight #1: PasswordStore

First Flight Initiative - New to Web3 Security? Start your journey here! PasswordStore is a simple solidity protocol meant to allow the owner to store and retrieve their password securely. Never worry about forgetting your password again!

Start Date Oct 18th, 2023 (12:00)
End Date Oct 25th, 2023 (12:00)
Time Left 0d/0h/0m
Rewards 2x XP boost
view repo view submissions view final report

What is a CodeHawks First Flight?

First Flights are 7 days long smart contracts auditing challenges characterised by smaller codebases and different rewards mechanisms from our standard smart contract auditing competitions, making them the perfect testing and learning ground for any aspirant smart contract security auditor.

Every week a new First Flight is announced and will be available on the codehawks.com platform to join for 7 days.

Differently from the CodeHawks smart contract auditing competitions, First Flights do not come with monetary prize pools but grant participants a multiplier on the XP earned by submitting findings.

For more information: CodeHawks Docs



First Flight #1: PasswordStore

Contest Details

Prize Pool

  • 2x XP/Finding!

  • High - 200xp

  • Medium - 40xp

  • Low - 4xp

  • Starts: 00:00 UTC Wednesday, Oct 18 2023

  • Ends: 00:00 UTC Wednesday, Oct 25 2023

Stats

  • nSLOC: 20
  • Complexity Score: 10

PasswordStore

A smart contract application for storing a password. Users should be able to store a password and then retrieve it later. Others should not be able to access the password.

Getting Started

Requirements

  • git
    • You'll know you did it right if you can run git --version and you see a response like git version x.x.x
  • foundry
    • You'll know you did it right if you can run forge --version and you see a response like forge 0.2.0 (816e00b 2023-03-16T00:05:26.396218Z)

Quickstart

git clone https://github.com/Cyfrin/2023-10-PasswordStore
cd 2023-10-PasswordStore
​forge install foundry-rs/forge-std --no-commit
forge build

Optional Gitpod

If you can't or don't want to run and install locally, you can work with this repo in Gitpod. If you do this, you can skip the clone this repo part.

Open in Gitpod

Usage

Deploy (local)

  1. Start a local node
make anvil
  1. Deploy

This will default to your local node. You need to have it running in another terminal in order for it to deploy.

make deploy

Testing

forge test

Test Coverage

forge coverage

and for coverage based testing:

forge coverage --report debug

Audit Scope Details

  • Commit Hash: 2e8f81e263b3a9d18fab4fb5c46805ffc10a9990
  • In Scope:
./src/
└── PasswordStore.sol

Compatibilities

  • Solc Version: 0.8.18
  • Chain(s) to deploy contract to: Ethereum

Roles

Owner - Only the owner may set and retrieve their password

Known Issues

None

Create the audit report

View the audit-report-templating repo to install all dependencies.

cd audits
pandoc 2023-09-01-password-store-report.md -o report.pdf --from markdown --template=eisvogel --listings