20180329-easily-read-private-variables.md

layout	post
title	easily read private variables
date	2018-03-29 09:30

I put this together to demonstrate that complete lack of "privacy" provided by labelling a variable private in solidity.

If you want to read a private variable in a solidity contract, and you have the source code, you can do it easily. Here's how:

1. You'll need the following:
2. The contract source code
3. The contract address
4. metamask
5. Go to https://remix.ethereum.org
6. Paste in the source code
7. Change the label from private to public

  // uint256 private secretNumber;
  // uint256 public secretNumber;

1. Go to the 'run' tab in remix.
2. Change the environment to "injected web3", this will get you a JSON rpc connection to ethereum, or whichever testnet the contract is on.
3. You'll get a bunch of buttons for interacting with the contract. Changing the label to public will have given you one that gets the value.

FYI adding the public keyword to the source adds a getter in the bytecode.
Because:

1. getters are constant call functions
2. constant functions can be run locally by web3js without sending a transaction to the blockchain
3. web3js will just execute the bytecode locally, to read from the contract’s storage locally.

So, it’s like you can pretend there are these extra convenience functions in the blockchain

Tomisin @ToJen 16:59
@maurelian wouldn't that make it a different contract then? I haven't actually deployed yet @foogunlana

Maurelian @maurelian 17:02
It’s almost exactly the same contract, and it will store the mapping data in the same locations. The only difference is that the local version will have some extra bytecode for retrieving that data.