The _securityCouncil update will be prevented by continuously calling the perform function. Since the function rely on the nonce value, this function can be continuously called and nonce value is updated.
This would prevent the valid security council update since the nonce is lesser than the input value.
As we can see the perform function is public and anyone can call this.
In order to execute the council update, the calculated nonce value should be greater than previous nonce value.
But, if the _securityCouncil is known, anyone can call with empty _updatedMembers array and update the nonce value.
So, valid update will be prevented due to this.
Manual review.
Following methods are suggeted.
Access Control
The text was updated successfully, but these errors were encountered:
All reactions