...by Daniel Szego
"Simplicity is the ultimate sophistication."
Leonardo da Vinci

Sunday, June 17, 2018

Solidity Tips and Tricks - private variable value

Private variables in Solidity are not as private as the name suggests. The private keyword only prevents other contracts from accessing the variable; its value is still written to contract storage, which can be read by anyone running a full client node with a JavaScript console. As an example, consider the following private variable of a contract:

contract PrivateContract {

    // first state variable, so it is stored in storage slot 0
    string private Password = "MyPassword123";

    constructor() public {
    }
}

Knowing the contract address and running a full node on the Ethereum network, you can easily read out the value of the private variable, for example with:

 web3.eth.getStorageAt(contractAddress, 0)

which returns the following hex value:


and after decoding:


So the message is simple: do not store private information in private variables on the blockchain, because it is not really private!
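
To show why the value returned by getStorageAt is trivially readable, here is an added example (not code from the original post) that decodes the 32-byte storage word of a Solidity string variable. The helper names encodeShortString and decodeStringSlot are hypothetical, and the sample word is constructed from the contract's string following Solidity's storage layout rather than captured from a node.

```javascript
// Added example: decode the 32-byte word that web3.eth.getStorageAt returns
// for a Solidity `string` state variable. Sample input is constructed.

// Build the word Solidity stores for a short string (<= 31 bytes):
// data left-aligned, zero padded, lowest-order byte = length * 2.
function encodeShortString(text) {
  const data = Buffer.from(text, "utf8");
  if (data.length > 31) throw new RangeError("short layout holds at most 31 bytes");
  const word = Buffer.alloc(32);
  data.copy(word, 0);
  word[31] = data.length * 2;
  return "0x" + word.toString("hex");
}

// Decode a slot word as returned by getStorageAt(contractAddress, slot).
function decodeStringSlot(wordHex) {
  const hex = wordHex.replace(/^0x/, "").padStart(64, "0");
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) throw new TypeError("expected a 32-byte hex word");
  const word = Buffer.from(hex, "hex");

  if (word[31] & 1) {
    // Long layout: the slot holds length * 2 + 1 and the bytes themselves
    // live in consecutive slots starting at keccak256(slot), also readable.
    const length = Number((BigInt("0x" + hex) - 1n) / 2n);
    return { layout: "long", length, value: null };
  }

  // Short layout: the string is stored in the slot itself.
  const length = word[31] / 2;
  if (length > 31) throw new RangeError("not a valid short string slot");
  return { layout: "short", length, value: word.subarray(0, length).toString("utf8") };
}

// Constructed sample: the word slot 0 of PrivateContract would hold.
const sampleWord = encodeShortString("MyPassword123");
console.log(sampleWord);
console.log(decodeStringSlot(sampleWord));
```

Nothing in this decoding depends on the variable's visibility, so secrets need to stay off-chain or be stored only in encrypted or hashed form.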