2 matches found
auth collision possible
Handle gpersoon Vulnerability details Impact The auth mechanism of AccessControl.sol uses function selectors msg.sig as a unique role definition. Also the moduleCall allows the code to be extended. Suppose an attacker wants to add the innocent looking function "leftbranchblockuint32" in an new...
auth only works well with external functions
Handle gpersoon Vulnerability details Impact The auth modifier of AccessControl.sol doesn't work as you would expect. It checks if you are authorized for "msg.sig", however msg.sig is the signature of the first function you have called, not of the current function. So if you call function A, whic...