# Insecure Authentication Using account_contract_address
## Description

Using `account_contract_address` for authentication is insecure: the check can be bypassed, allowing unauthorized access. Use `get_caller_address` or another appropriate method for verifying users.
## Examples

### Insecure Code

```cairo
tx_info.account_contract_address;
```

### Secure Code

```cairo
get_caller_address();
```
## Remediation

Replace `account_contract_address` with `get_caller_address` or implement a secure authentication mechanism.
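The following Starknet contract, added here as an illustration and not part of the rule's own examples, shows the insecure and the remediated owner check side by side. `account_contract_address` identifies the account that signed the transaction, so the insecure check also passes when that account's transaction reaches the contract through an intermediary; `get_caller_address` identifies the immediate caller. The contract name `Vault`, the `owner` storage variable and the `withdraw_*` functions are assumptions for this example, written in Cairo 2 syntax.

```cairo
#[starknet::contract]
mod Vault {
    use starknet::{ContractAddress, get_caller_address, get_tx_info};

    #[storage]
    struct Storage {
        // Hypothetical: the only address allowed to withdraw.
        owner: ContractAddress,
    }

    #[constructor]
    fn constructor(ref self: ContractState, owner: ContractAddress) {
        self.owner.write(owner);
    }

    // INSECURE (flagged by CODE-0622): authenticates the transaction
    // signer, not the contract or account that actually called us.
    #[external(v0)]
    fn withdraw_insecure(ref self: ContractState) {
        let origin = get_tx_info().unbox().account_contract_address;
        assert(origin == self.owner.read(), 'not owner');
        // ... release funds to the caller ...
    }

    // SECURE: authenticates the immediate caller, so only the owner
    // account itself, calling directly, can pass the check.
    #[external(v0)]
    fn withdraw_secure(ref self: ContractState) {
        let caller = get_caller_address();
        assert(caller == self.owner.read(), 'not owner');
        // ... release funds to the owner ...
    }
}
```

In the remediated version, a call that arrives via another contract fails the assertion because `get_caller_address` returns that contract's address, not the owner's account.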
## Rule Details

| Field | Value |
|---|---|
| ID | CODE-0622 |
| Category | Auth |
| Severity | MEDIUM |
| CWE | CWE-288 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | authentication, authorization |
| OWASP | N/A |