Code4rena (code423n4)
ID: CODE423N4:2023-10-ENS-FINDINGS-ISSUES-637
Oct 11, 2023 - 12:00 a.m.

Needs a secure modifier

Code4rena
github.com
erc20proxydelegator
erc20multidelegate
access control
openzeppelin's ownable
secure modifier

AI Score: 7 High (Confidence: Low)

Lines of code

Vulnerability details

Impact

Detailed description of the impact of this finding.
The ERC20ProxyDelegator constructor appears to be used for delegating voting rights to a delegate by allowing them to call the delegate function of an ERC20Votes contract. To secure this function, you should consider the following measures:

Access Control:
Limit who can deploy the ERC20ProxyDelegator contract. You can use an access control mechanism, such as OpenZeppelin’s Ownable, to ensure that only trusted addresses can deploy this contract.

Proof of Concept

Tools Used

Manual Audit

Recommended Mitigation Steps

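import "@openzeppelin/contracts/access/Ownable.sol";
// ERC20Votes is referenced by the constructor, so it is imported as well.
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol";

contract ERC20ProxyDelegator is Ownable {
    constructor(ERC20Votes _token, address _delegate) {
        // Let the deployer (msg.sender) move any tokens held by this proxy.
        _token.approve(msg.sender, type(uint256).max);
        // Delegate the voting power of this proxy's balance to _delegate.
        _token.delegate(_delegate);
    }
}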

Assessed type

Access Control

