Smart Contract Security - Private Data Access

This time we will see how to access private data (private data) in the contract.Not much to say about the target contract, go directly to the code

This time our target contract is a contract deployed on Ropsten.

合约地址：0x3505a02BCDFbb225988161a95528bfDb279faD6b链接：https://ropsten.etherscan.io/address/0x3505a02BCDFbb225988161a95528bfDb279faD6b#code

Vulnerability Analysis From the above contract code, we can see that the Vault contract records sensitive data such as the user's username and password in the contract. We know that the keywords that modify the variables in the contract only limit its calling scope, which alsoThis indirectly proves that the data in the contract is public and can be read at will, and it is not safe to record sensitive data in the contract.

Read data

First, let's learn about solidity's storage storage method: 1) The data in storage is permanently stored.It is stored in the slot slot as a key-value pair.2) The data in the storage is arranged from right to left in the slot. When the space is insufficient, the current slot is packaged and the next slot is opened to store data; when storing a fixed-length array (fixed length), each data in the array occupies a slot.3) Storing variable-length arrays (the length changes with the number of elements) is special. When encountering variable-length arrays, a new slot slotA will be enabled to store the length of the array, and its data will be stored in another number ofslotV in the slot.SlotA represents the position where the variable-length array is declared, and also stores the length of the variable-length array: length = sload(slotA) uses slotV to represent the location of the variable-length array data storage (ie key), and index represents the index subscript corresponding to the value:slotV = keccak256(slotA) + index uses value to represent the value of a certain data in the variable-length array: value = sload(slotV) Next, we will take you to read the data in this contract.First, let's look at the data in slot0:

It can be seen from the contract that only one uint type of data is stored in slot0, let's read it out and take a look: I use Web3.py to get the data here, first write the program

Running result:

"7b" is a hexadecimal number, which is 123 when converted to a decimal number.Here we have successfully reached the uint type variable count=123 stored in the first slot slot0 in the contract, let's continue:

Three variables are stored in slot1: u16, isTrue, owner

Running result:

From right to left, owner = f36467c4e023c31f026066b8dc51456e7b791d99isTrue = 01 = trueu16 == 31

The private variable password is stored in slot2, let's read it

Running result:

Slots 3, 4, 5 store three elements in a fixed-length array

Running result:

Slot6 stores the length of the variable-length array

Running result:

The returned result shows that the length of the variable-length array is 3.We can see from the contract code that the user's id and password are stored in the form of key-value pairs. Let's read the id and password of two users: user1

Running result:

user2

Running result:

In this way, we successfully read all the data in the contract.It can be seen that the private data in the contract can also be read.In conclusion, as you can see, the private data in the contract can also be read, so be sure not to store any sensitive data in the contract.

If you want to know more about smart contracts and blockchain knowledge, welcome to the blockchain exchange community CHAINPIP community to communicate and learn together~Community address: https://www.chainpip.com/