Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-11-DEBTDAO-FINDINGS-ISSUES-502
HistoryNov 10, 2022 - 12:00 a.m.

SpigotLib._claimRevenue is marked public instead of internal

2022-11-1000:00:00
Code4rena
github.com
7
spigotlib
claimrevenue
vulnerability
mitigation
function visibility
security
external function
attacker
tokens
escrow
withdrawal
review
JSON

Lines of code

Vulnerability details

Impact

SpigotLib._claimRevenue is marked public instead of internal. This public function is wrapped in the external claimRevenue function. Attacker can call _claimRevenue to claim Revenue Tokens into the Spigot escrow for later withradrawal.

Tools Used

Manual review

Recommended Mitigation Steps

Change function visibility to internal

The text was updated successfully, but these errors were encountered:

All reactions

JSON