Detailed description of the impact of this finding.
The ERC20ProxyDelegator constructor appears to be used for delegating voting rights to a delegate by allowing them to call the delegate function of an ERC20Votes contract. To secure this function, you should consider the following measures:
Access Control:
Limit who can deploy the ERC20ProxyDelegator contract. You can use an access control mechanism, such as OpenZeppelin's Ownable, to ensure that only trusted addresses can deploy this contract.
Manual Audit
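    import "@openzeppelin/contracts/access/Ownable.sol";
    import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol";

    contract ERC20ProxyDelegator is Ownable {
        constructor(ERC20Votes _token, address _delegate) {
            // Let the deployer (msg.sender) move any tokens this proxy holds.
            _token.approve(msg.sender, type(uint256).max);
            // Assign this proxy's voting power to _delegate.
            _token.delegate(_delegate);
        }
    }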
Access Control
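One way to enforce "only trusted addresses can deploy" at the point where the proxy is created, as an added example that is not code from this issue or from the project. It assumes OpenZeppelin Contracts v4.x (where Ownable makes the deployer the owner); GatedProxyDeployer, deployProxy, proxyOf and ProxyDeployed are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts v4.x (Ownable() sets owner = deployer).
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol";

// The proxy as described in the finding, without Ownable.
contract ERC20ProxyDelegator {
    constructor(ERC20Votes _token, address _delegate) {
        // msg.sender is the contract executing `new`, i.e. the deployer below.
        _token.approve(msg.sender, type(uint256).max);
        _token.delegate(_delegate);
    }
}

// Hypothetical gate: only the owner can create proxies through this contract,
// and every proxy it created is recorded so callers can tell it from a copy.
contract GatedProxyDeployer is Ownable {
    ERC20Votes public immutable token;
    mapping(address => address) public proxyOf; // delegate => proxy address

    event ProxyDeployed(address indexed delegate, address proxy);

    constructor(ERC20Votes _token) {
        token = _token;
    }

    function deployProxy(address delegate) external onlyOwner returns (address proxy) {
        require(delegate != address(0), "zero delegate");
        require(proxyOf[delegate] == address(0), "proxy exists");
        proxy = address(new ERC20ProxyDelegator(token, delegate));
        proxyOf[delegate] = proxy;
        emit ProxyDeployed(delegate, proxy);
    }
}
```

The onlyOwner modifier gates deployProxy only; anyone can still deploy their own copy of the proxy bytecode, but that copy approves its own deployer and never appears in proxyOf. Code that relies on a proxy should therefore check it against proxyOf rather than trust an address supplied by a caller.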