Weaknesses due to misconceptions about privacy of data on-chain #209
Labels
Comments
|
@b-mueller @thec00n what do you think about this? It's the same as this BP recco. It's inherently subjective, and depends on the developers intent, but it's definitely a plausible weakness. |
Merged
maurelian
changed the title
|
Absolutely it's not covered currently. PRs are welcome :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there already an SWC entry for the keeping secret vulnerability [1][2]? The issue occurs when a contracts, e.g., a multi-player game needs to store secret information, e.g., for the next move of a player, and it just stores this information in a private field. However, for writing the field there needs to be a transaction, which makes the value public and a player might get an advantage because of this.
If there is no related entry may I just write one?
[1] Atzei, Nicola, Massimo Bartoletti, and Tiziana Cimoli. "A survey of attacks on Ethereum smart contracts." IACR Cryptology ePrint Archive 2016 (2016): 1007.
[2] https://medium.com/solidified/keeping-secrets-on-ethereum-5b556c3bb1ee
The text was updated successfully, but these errors were encountered: