3 matches found
SingleAdminAccessControl contract allows admin to be transferred without removing old admin first
Lines of code Vulnerability details Description The SingleAdminAccessControl contract allows the admin role to be transferred to a new address without first removing the old admin. This is a security vulnerability, as it allows a malicious admin to transfer the role to a new address and then lock...
MaltRepository._revokeRole may not work correctly
Lines of code Vulnerability details Impact MaltRepository inherits from AccessControl and adds validation of validRoles to the hasRole function, which means that even if super.hasRolerole, account == true, if validRolesrole == false hasRole will return false, which will cause revokeRole to not wo...
_revokeRole doesn't remove account from roleMember set
Lines of code Vulnerability details Impact The function doesn't remove the address from roleMembersrole set, which will mess up with the roleCount Proof of Concept Tools Used Recommended Mitigation Steps rolesrole.membersaccount = false; roleMembersrole.removeaccount; --- The text was updated...