✅ Private means the visibility, not private

  1. All storage is publicly visible on the blockchain, even your private variables!
  2. Never store passwords and private keys without hashing them first
  3. When using a delegatecall with contracts with storage variables, be careful about data corruption.

web3 >> web3.eth.getStorageAt(contractAddress, slotNumber)

ethers >> await provider.getStorageAt(address, slot);

Ethernaut

A Quick Guide to Hack private variables in Solidity