By leaving _mint_to_Accountant() with no access control when accountant = address(0) it allows an attacker to call the function, mint the entire supply to themselves, and gain the accountant and admin roles. Additionally, the parameter โaddress accountantDelegatorโ is expected but never used in the function.
Add admin access control to the _mint_to_Accountant() function
The text was updated successfully, but these errors were encountered:
All reactions