✅ Private refers to visibility, not secrecy
- All storage is publicly visible on the blockchain, even your private variables!
- Never store passwords and private keys without hashing them first
- When using delegatecall with contracts that have storage variables, be careful about data corruption.
web3 >> web3.eth.getStorageAt(contractAddress, slotNumber)
ethers >> await provider.getStorageAt(address, slot);
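
What a returned slot actually contains, as an added example that is not from the original notes: the 32-byte word that either call above returns can hold several packed private variables, and anyone can split it back into fields. The contract layout (`locked`, `pin`, `owner`) is hypothetical and the sample word is constructed.

```javascript
// Added example: decode one packed 32-byte storage word, as returned by getStorageAt.
// Solidity packs consecutive small state variables into a slot starting at the
// low-order (rightmost) bytes, in declaration order.

function byteSize(type) {
  if (type === "bool") return 1;
  if (type === "address") return 20;
  const m = /^(uint|bytes)(\d+)$/.exec(type);
  if (m) {
    const n = Number(m[2]);
    if (m[1] === "uint" && n % 8 === 0 && n >= 8 && n <= 256) return n / 8;
    if (m[1] === "bytes" && n >= 1 && n <= 32) return n;
  }
  throw new Error(`unsupported type: ${type}`);
}

function decodePackedSlot(wordHex, fields) {
  const hex = wordHex.replace(/^0x/, "").padStart(64, "0").toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(hex)) throw new Error("expected a 32-byte hex word");
  const out = {};
  let offset = 0; // bytes already consumed from the right-hand end
  for (const { name, type } of fields) {
    const size = byteSize(type);
    if (offset + size > 32) throw new Error(`${name} does not fit in this slot`);
    const end = 64 - offset * 2;
    const raw = hex.slice(end - size * 2, end);
    if (type === "bool") out[name] = raw !== "00";
    else if (type.startsWith("uint")) out[name] = BigInt("0x" + raw);
    else out[name] = "0x" + raw; // address and bytesN stay as hex
    offset += size;
  }
  return out;
}

// Hypothetical layout: bool private locked; uint16 private pin; address private owner;
const SAMPLE_LAYOUT = [
  { name: "locked", type: "bool" },
  { name: "pin", type: "uint16" },
  { name: "owner", type: "address" },
];
// Constructed slot-0 word: 9 zero bytes | owner (20) | pin (2) | locked (1)
const SAMPLE_WORD =
  "0x000000000000000000" + "00112233445566778899aabbccddeeff00112233" + "04d2" + "01";

console.log(decodePackedSlot(SAMPLE_WORD, SAMPLE_LAYOUT));
```

When reviewing a contract, treat every field that decodes this way as public data, whatever its visibility keyword says.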
Ethernaut
A Quick Guide to Hack private variables in Solidity