In this tutorial I will explain how to access private data on the Ethereum blockchain. All data on the blockchain is public even private state variables. Private state variables are not available for other contract to read however these variables can be read using Web3. Never store sensitive data on the the public blockchain.
Data stored on the Ethereum blockchain
The EVM (Ethereum Virtual Machine) stores smart contract data in a large array with a length of 2**256 in slots on the blockchain. Each memory slot can contain up to 32 bytes of data. The EVM stores smart contract state variables in the order that they were declared in slots on the blockchain.
Accessing Solidity smart contract data that is declared private
To access a Solidity smart contracts private data on the Ethereum blockchain perform the following steps.
- Read the contract and determine the order that the state variables are declared. Remember the first state variable is saved in slot 0, the second variable in slot 1, etc.
- Use Web3 to read the memory slots of the contract on the blockchain. Use the following functions:
- Web3.eth.getStorageAt(address, slotNumber = 0, 1, 2, etc., console.log) – This function returns that values that are in the specified slots
- Web3.utils.toAscii – If the data can not be read because it is not in alpha numeric format use the following function to convert it.
On the public blockchain anyone can read your contract, determine the data types, then backwards engineer the values using web3. These values can then be printed to the log using the commands above.
In the blockchains current form do not store sensitive private data in a Solidity smart contract. The best way to prevent someone from accessing your private information is to not store it on a public blockchain.