Affected code:
The function _setAccountantContract() is supposed to be called after contract initialization, so that the accountant is immediately set. However, this function completely lacks any access control (itβs just public) so an attacker can monitor the mempool and frontrun the transaction in order to become both accountant and admin
Editor
The function should:
The text was updated successfully, but these errors were encountered:
All reactions