I just started learning and experimenting with TEAL smart contracts, so apologies if this topic is already covered somewhere.
In examples akin to this one https://developer.algorand.org/tutorials/writing-simple-smart-contract/#3-check-the-length-of-the-passed-in-passphrase I noticed a (concerning) pattern like this:
// The sha256 value of the passphrase
arg 0
sha256
byte base64 30AT2gOReDBdJmLBO/DgvjC6hIXgACecTpFDcP1bJHU=
==
This implies that the passphrase is, essentially, plain text. Now, I assume that multiple random network nodes are involved in validation and, therefore, have access to the smart contract arguments. So it’s not hard to create a malicious node which will collect smart contract arguments and will eventually allow malicious actors to gain access to security-critical data.
Is this concern valid, and if not, what would prevent this kind of attack?
And if it’s plausible, why is this practice not discouraged in the tutorials?
Welcome, @jabbervogue !
The pattern you are referring to is a hash-locked contract. It has nothing to do with the passphrase(s) of your account(s). Hash-locked contracts are based on the fact that, for a given hash value, it is virtually impossible to know the original value (“passphrase”). Only the contract creator can know it.
It has many use cases. The most frequent is commitment: you can later “prove”, by revealing the passphrase, that you committed yourself to a definite value, e.g. in a bet. Here, the passphrase can be the bet, concatenated with random bytes.
Thanks @Maugli, this was very helpful.
My first assumption was that the “passphrase” was supposed to be an authentication feature for the contract creator to have access to some limited access functionality of the contract - which was clearly wrong.
But in the light of it, it looks like the passphrase is a strictly one-time thing. Unless the hash is saved in the global state instead of hard-coding it, and the transaction carries a new hash to redefine the previous one on each usage.
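An added Python illustration (not code from the tutorial or from either poster) of the three ideas in this thread: the TEAL hash-lock check mirrored off-chain, the commitment scheme from the answer (sha256 of the bet concatenated with random bytes), and the "rotate the hash in state on each use" idea from the follow-up. The 32-byte nonce length, the `RotatingHashLock` class and all sample preimages are assumptions constructed for the example; only the base64 digest is taken from the snippet quoted above.

```python
import base64
import hashlib
import os
from typing import Optional

# Digest hard-coded in the tutorial snippet quoted in the question (from the page).
TUTORIAL_DIGEST_B64 = "30AT2gOReDBdJmLBO/DgvjC6hIXgACecTpFDcP1bJHU="
NONCE_LEN = 32  # assumed size of the random bytes appended to the committed value


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_b64(data: bytes) -> str:
    return base64.b64encode(digest(data)).decode()


def teal_hash_lock(arg0: bytes, expected_digest_b64: str) -> bool:
    """Python mirror of `arg 0 / sha256 / byte base64 ... / ==`: the lock opens for
    any caller who supplies the exact preimage, so once that preimage has been
    broadcast in a transaction argument it is public knowledge."""
    return digest(arg0) == base64.b64decode(expected_digest_b64)


def commit(value: bytes, nonce: Optional[bytes] = None) -> tuple:
    """Commitment as described in the answer: sha256(value || random bytes).
    Returns (commitment, nonce); the nonce stays secret until the reveal."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    return digest(value + nonce), nonce


def verify_reveal(commitment: bytes, value: bytes, nonce: bytes) -> bool:
    """Anyone holding the commitment can check a reveal; a different bet or a
    different nonce hashes to a different value and is rejected."""
    return len(nonce) == NONCE_LEN and digest(value + nonce) == commitment


class RotatingHashLock:
    """Follow-up idea: keep the current digest in mutable state and require each
    successful use to install the next digest, so a revealed preimage cannot be
    replayed by whoever observed it on the network."""

    def __init__(self, initial_digest: bytes) -> None:
        self.current = initial_digest

    def use(self, preimage: bytes, next_digest: bytes) -> bool:
        if digest(preimage) != self.current:
            return False
        self.current = next_digest  # the old preimage is now public and useless
        return True
```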