Dec 12, 2022 - 12:00 a.m.

Attacker can set anyone as the tokenSender role

2022-12-12 00:00:00
Code4rena
github.com
vulnerability
access control
escalation

Lines of code

Vulnerability details

Impact

The setTokenSender function, which is responsible for assigning the token sender role, is public with no access control, so any caller can escalate their privileges to the token sender role.

Proof of Concept

truffle console --networkId 555
compile
user = "choose address from the ganache list"
attacker = "choose address from the ganache list"
TokenSenderCaller.deployed().then(function(instance){app=instance;})
app.setTokenSender(user,{from:user})
app.getTokenSender()
// returns treasury
app.setTokenSender(attacker,{from:attacker})
app.getTokenSender()
// returns the attacker-controlled address as the new treasury

Tools Used

Manual

Recommended Mitigation Steps

Add access control to setTokenSender so that only an authorized account (e.g. the owner) can change the token sender role.
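The unprotected setter beside an owner-gated version, as an added illustration that is not prePO's code or the warden's PoC; only the function names come from the finding, while the storage layout, the owner field, the event and the error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Vulnerable shape described in the finding: the setter is callable by anyone,
// so any account can point the tokenSender role wherever it likes.
contract TokenSenderCallerVulnerable {
    address private _tokenSender;

    function setTokenSender(address tokenSender) external {
        _tokenSender = tokenSender; // no caller check
    }

    function getTokenSender() external view returns (address) {
        return _tokenSender;
    }
}

// Hardened variant (assumed design): only the owner, here the deployer, may
// change the role, the zero address is rejected, and every change is logged
// so monitoring can alert on unexpected role changes.
contract TokenSenderCallerHardened {
    address public owner;
    address private _tokenSender;

    event TokenSenderChanged(address indexed previous, address indexed current);

    error NotOwner(address caller);
    error ZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function setTokenSender(address tokenSender) external onlyOwner {
        if (tokenSender == address(0)) revert ZeroAddress();
        address previous = _tokenSender;
        _tokenSender = tokenSender;
        emit TokenSenderChanged(previous, tokenSender);
    }

    function getTokenSender() external view returns (address) {
        return _tokenSender;
    }
}
```

With the hardened contract, the PoC's `setTokenSender(attacker,{from:attacker})` call reverts with `NotOwner`, and the emitted event gives an on-chain audit trail for legitimate changes.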
