Currently ityfuzz produces logs like:
INFO fetching abi from https://api.bscscan.com/api?module=contract&action=getabi&address=0x84...&format=json&apikey=C7...
This is potential security issue e.g.:
- if someone uses a paid version of Etherscan and this key leaks via logs so someone else can use the key for free
- if someone does a leaked key to commit a crypto crime and investigation leads to other, innocent person
Users generally don't expect keys in logs. It should be e.g. replaced with ***secret***.
Currently ityfuzz produces logs like:
This is potential security issue e.g.:
Users generally don't expect keys in logs. It should be e.g. replaced with
***secret***.