Why is it needed?
Suppose you have locked liquidity on-contract which can be liquidated via withdraw()
that depends on a require function and access control. If someone has access to the responsible EOA, they can withdraw funds when needed. A better way to go about this is to also have a password, so that incase of a private key leak, the hacker still has to enter a password.
How is it implemented?
- User enters password, gets hashed via Keccak256 and appended with "0x" before the hash string.
- User sets password via constructor when deploying (
_setNewPassword()
) - User then can decide to check password (
_testPassword()
) and enter expected password and new password (since current password will be declared by on-chain data).
Solidity Code
contract onChainPassword
{
bytes32 private globalPassword;
constructor(bytes32 _hashedPassword)
{
globalPassword = _hashedPassword;
}
function _checkPassword(string memory _password, bytes32 _newPassword)
public returns (bool)
{
bool decision = keccak256(abi.encodePacked(_password))==globalPassword;
_setNewPassword(_newPassword);
return decision;
}
function _setNewPassword(bytes32 _newPassword) internal
{
globalPassword = _newPassword;
}
}
Disclaimer
Never put Friday projects on main-net without testing extensively, I'm a scatterbrain.
Top comments (0)