PasswordStore State variable issue

[rocknwa]

In My audit report, I recommended using the Immutable keyword for the s_owner variable since it's stored in the contract's bytecode, I don't think it can be accessed off Chain because I used cast to test it, I couldn't access it. This is My report.

Please, I want to know if I'm right.

[danstam]

I'm guessing you meant using the immutable keyword for s_password instead of s_owner. However, this would not be the correct approach for the following reasons:

1- Declaring s_password as immutable would invalidate the contract's primary use case, which is to update a stored password. If the stored password is an immutable variable, it cannot be modified, rendering the contract's logic flawed.

2- While reading from bytecode would make accessing the password more difficult, it would not be impossible. All information stored on the blockchain is public, and it is never a good practice to store passwords on-chain in any form, even if declared as immutable.

[EngrPips]

Interesting, Does this answer clarify things @rocknwa?

[rocknwa]

Thanks a lot 😊 I really appreciate the clarification 🙏

…

On Fri, May 3, 2024, 7:21 PM EngrPips ***@***.***> wrote: Interesting, Does this answer clarify things @rocknwa <https://github.com/rocknwa>? — Reply to this email directly, view it on GitHub <#171 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A4JQMPZTKM3TPMCRL3OGETDZAPITJAVCNFSM6AAAAABHFSGU3SVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TGMBYGU3TO> . You are receiving this because you were mentioned.Message ID: <Cyfrin/security-and-auditing-full-course-s23/repo-discussions/171/comments/9308577 @github.com>

[EngrPips]

Awesome. I'm glad you now understand it correctly.

[danstam]

You're welcome! I'm glad I could help.