QA Report #309
Labels: bug (Something isn't working); QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax; valid
L: Insufficient protection of sensitive data
The hardhat.config.ts uses sensitive information imported from an un-committed environment file. The usage of either .env imported variables or even plain pasted keys makes it easier for an attacker to compromise the keys used for monitoring, deployment, testing and even, if wallet private keys are used in such a way, funds can be compromised.

The following data could be compromised if a leak happens or if the .gitignore file is mistakenly deleted, according to the imports performed on hardhat.config.ts:

It is advisable to use other ways of storing sensitive keys, such as hardware devices, in order to prevent data leaks that may lead to catastrophic issues.
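A repository check for the conditions this finding describes (a pasted key in the config, .env-backed variables with no ignore rule protecting them, a committed .env), added here as an example and not code from the audited project. The function names, the sample config and its variable names are constructed, and the .gitignore matcher is a simplification that handles only top-level name and `*` patterns.

```typescript
type Finding = { rule: string; detail: string };

// Constructed sample config; the variable names are assumptions, not the audited repo's.
const SAMPLE_CONFIG = [
  'import * as dotenv from "dotenv";',
  "dotenv.config();",
  "const accounts = [process.env.PRIVATE_KEY];",
  "const etherscan = { apiKey: process.env.ETHERSCAN_API_KEY };",
  'const pasted = "0x' + new Array(33).join("ab") + '";',
].join("\n");

// Simplified .gitignore matcher: does any rule cover a top-level ".env"?
// As in git, the last matching rule wins and "!" re-includes the file.
function ignoresEnv(gitignore: string): boolean {
  let ignored = false;
  for (const raw of gitignore.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.charAt(0) === "#") continue;
    const negated = line.charAt(0) === "!";
    const body = (negated ? line.slice(1) : line).replace(/^\//, "");
    const escaped = body.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
    if (new RegExp("^" + escaped + "$").test(".env")) ignored = !negated;
  }
  return ignored;
}

// gitignore === null models the "mistakenly deleted .gitignore" case;
// tracked is the list of committed paths (for example from `git ls-files`).
function auditSecretHandling(config: string, gitignore: string | null, tracked: string[]): Finding[] {
  const findings: Finding[] = [];
  // A quoted 32-byte hex literal is treated as a pasted private key.
  if (/["'](0x)?[0-9a-fA-F]{64}["']/.test(config)) {
    findings.push({ rule: "hardcoded-key", detail: "64-hex-digit literal in config" });
  }
  // Every process.env.NAME the config reads is a value that lives in .env.
  const names: string[] = [];
  const re = /process\.env\.([A-Za-z_][A-Za-z0-9_]*)/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(config)) !== null) {
    if (names.indexOf(m[1]) === -1) names.push(m[1]);
  }
  if (names.length > 0 && (gitignore === null || !ignoresEnv(gitignore))) {
    findings.push({ rule: "env-not-ignored", detail: "exposes " + names.join(", ") });
  }
  if (tracked.indexOf(".env") !== -1) {
    findings.push({ rule: "env-tracked", detail: ".env is committed" });
  }
  return findings;
}
```

Run in CI or a pre-commit hook, a non-empty result should fail the build before the change reaches a shared remote.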