Code4rena (code423n4): CODE423N4:2023-03-POLYNOMIAL-FINDINGS-ISSUES-233
Mar 20, 2023

Potential loss of Vault control


Lines of code

Vulnerability details

Impact

If for any reason the creators do not call this function first, anyone can call it and define the vault permanently, since there is no verification of the caller. After that, the attacker will have complete control over the mint and burn functions.

Proof of Concept

    function setVault(address _vault) external {
        if (vault != address(0x0)) {
            revert();
        }
        vault = _vault;
    }

Tools Used

Manual

Recommended Mitigation Steps

Assign the vault when deploying the contract, or add a new modifier so that it can still be defined only once, but only by the right person.

