_Follow along with this video:_ --- ### The report so far: --- ### [S-#] TITLE (Root Cause + Impact) **Description:** **Impact:** **Proof of Concept:** **Recommended Mitigation:** --- ### Title The first thing we need to fill out is our report's title. We want to be concise while still communicating important details of the vulnerability. A good rule of thumb is that your title should include: > Root Cause + Impact So, we ask ourselves _what is the root cause of this finding, and what impact does it have?_ For this finding the root cause would be something asking to: - **Storage variables on-chain are publicly visible** and the impact would be: - **anyone can view the stored password** Let's work this into an appropriate title for our finding (don't worry about `[S-#]`, we'll explain this more later). --- ``` ### [S-#] Storing the password on-chain makes it visible to anyone and no longer private **Description:** **Impact:** **Proof of Concept:** **Recommended Mitigation:** ``` --- ### Wrap Up The easiest way to ensure a clear title of your report is to be concise and adhere to the rule of thumb. > Root Cause + Impact One step down! Let's move onto the description section next
Learn how to write better findings: focus on repetition, use clear titles with root causes & impact, example of effective title creation in a security report.
Previous lesson
Previous
Next lesson
Next
Give us feedback
Solidity Developer
Smart Contract SecurityDuration: 25min
Duration: 1h 18min
Duration: 35min
Duration: 2h 28min
Duration: 5h 03min
Duration: 5h 22min
Duration: 4h 33min
Duration: 2h 01min
Duration: 1h 40min
Testimonials
Read what our students have to say about this course.
Chainlink
Chainlink
Gustavo Gonzalez
Solutions Engineer at OpenZeppelin
Francesco Andreoli
Lead Devrel at Metamask
Albert Hu
DeForm Founding Engineer
Radek
Senior Developer Advocate at Ceramic
Boidushya
WalletConnect
Idris
Developer Relations Engineer at Axelar