timohanke / icvault

Dfinihack project 13
MIT License

Is it safe to keep demo/debug methods? #8

Closed Cj-bc closed 3 years ago

Cj-bc commented 3 years ago

Hi there, I watched DFINIHack on YouTube and came here to learn how it works because I'm interested in IC Vault!

While reading, I found that the clear and leak methods in kv_store are still there.

https://github.com/timohanke/hack13/blob/2b85aefa78870952d3de243ef1d8b864b8c6d0cc/kv_store/src/kv_store/main.mo#L56-L62

https://github.com/timohanke/hack13/blob/2b85aefa78870952d3de243ef1d8b864b8c6d0cc/kv_store/src/kv_store/main.mo#L141-L154

I'm new here, so I might be wrong, but I'm wondering if it is dangerous to have such methods in a canister deployed on the IC.

THLO commented 3 years ago

The point of the leak() function is to show that everything stored in the key-value store is encrypted, so the attacker that triggers it cannot learn much (other than the amount of stored data and an approximate length of the keys and values). In that sense, the function clear() is more dangerous because everybody can call it (and not just the controller, for example).

Recall that this is just a small prototype that we built as part of the hackathon, so it is definitely not a production-ready piece of software! You are right that these two functions would not be part of a deployment in production.
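The access-control point in the reply above, as an added example that is not part of the thread or of the icvault source: a Motoko actor class with an unguarded `clear` next to a caller-checked one. The names `GuardedStore`, `owner`, `put`, `size` and `clearUnguarded` are hypothetical, and the example assumes the principal that installs the canister is the only one allowed to wipe it.

```motoko
import HashMap "mo:base/HashMap";
import Principal "mo:base/Principal";
import Text "mo:base/Text";

// Hypothetical store for illustration; not the kv_store canister from the repository.
shared (install) actor class GuardedStore() {

  // Assumption: the principal that installed the canister acts as its admin.
  let owner : Principal = install.caller;

  // Values are assumed to be ciphertext produced on the client,
  // so the canister never sees plaintext.
  var store = HashMap.HashMap<Text, Text>(16, Text.equal, Text.hash);

  public shared (msg) func put(key : Text, value : Text) : async () {
    // Reject unauthenticated callers so entries are tied to an identity.
    assert (not Principal.isAnonymous(msg.caller));
    store.put(key, value);
  };

  // Number of stored entries, useful to observe the effect of a clear.
  public query func size() : async Nat {
    store.size()
  };

  // Unguarded form: no caller check, so any principal (including the
  // anonymous one) can erase every user's data. Encryption of the values
  // does not help here, because the risk is loss of availability.
  public func clearUnguarded() : async () {
    store := HashMap.HashMap<Text, Text>(16, Text.equal, Text.hash);
  };

  // Guarded form: the call traps unless the caller is the installing
  // principal; a trapped update call leaves the state unchanged.
  public shared (msg) func clear() : async () {
    assert (msg.caller == owner);
    store := HashMap.HashMap<Text, Text>(16, Text.equal, Text.hash);
  };
};
```

In a production canister the unguarded variant would simply not exist; it is kept here only to show the difference in who can reach the state reset.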

Cj-bc commented 3 years ago

I didn't realize how leak() works, but now I do...

I'm relieved to hear that this is just a prototype.

Thank you for spending your time on this! The demo on YouTube was so exciting 😀