Uniswap callback is not protected
Description
The Uniswap callback function does not verify its caller, potentially allowing unauthorized access. This can be mitigated by adding a check that ensures the callback is invoked by a trusted source.
Examples
Insecure Code
```solidity
function uniswapV2Call(...) {...}
```
Secure Code
```solidity
function uniswapV2Call(...) {
    require(msg.sender == UNISWAP_POOL, "Unauthorized");
    ...
}
```
Remediation
Add a validation check to the callback function to ensure the call comes from a trusted source, such as the Uniswap pool contract.
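The following contract is an added example, not code from the rule or from Uniswap, showing the check in a complete flash-swap receiver. It goes one step beyond the snippet above by also validating the `sender` argument, since a third party can call `swap()` on the genuine pool and name this contract as recipient. The contract name, `owner`, `startFlashSwap` and `_repay` are hypothetical; it assumes tokens whose `transfer` returns a bool and a contract pre-funded to cover the swap fee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces for the calls used below.
interface IUniswapV2Pair {
    function token0() external view returns (address);
    function token1() external view returns (address);
    function swap(uint256 amount0Out, uint256 amount1Out, address to, bytes calldata data) external;
}

interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
}

// Hypothetical flash-swap receiver bound to one trusted pair (constructed example).
contract FlashSwapReceiver {
    address public immutable UNISWAP_POOL; // trusted pair, fixed at deployment
    address public immutable owner;

    constructor(address pool) {
        require(pool != address(0), "Pool required");
        UNISWAP_POOL = pool;
        owner = msg.sender;
    }

    // Non-empty data makes the pair call uniswapV2Call on this contract.
    function startFlashSwap(uint256 amount0Out, uint256 amount1Out) external {
        require(msg.sender == owner, "Not owner");
        IUniswapV2Pair(UNISWAP_POOL).swap(amount0Out, amount1Out, address(this), hex"01");
    }

    function uniswapV2Call(address sender, uint256 amount0, uint256 amount1, bytes calldata) external {
        // The caller must be the trusted pair, not an arbitrary account or contract.
        require(msg.sender == UNISWAP_POOL, "Unauthorized");
        // The pair forwards whoever called swap(); accept only swaps this contract started.
        require(sender == address(this), "Untrusted initiator");

        // Strategy logic would run here. This example only repays the loan.
        _repay(IUniswapV2Pair(UNISWAP_POOL).token0(), amount0);
        _repay(IUniswapV2Pair(UNISWAP_POOL).token1(), amount1);
    }

    // Return the borrowed amount plus the 0.3% fee, rounded up.
    function _repay(address token, uint256 amount) private {
        if (amount == 0) return;
        uint256 owed = amount + (amount * 3) / 997 + 1;
        require(IERC20(token).transfer(UNISWAP_POOL, owed), "Repay failed");
    }
}
```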
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0485 |
| Category | AccessControl |
| Severity | HIGH |
| CWE | CWE-284 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | uniswap, callback, access control |
| OWASP | N/A |