# Incorrect Position of 'from' Parameter Check in '_allowances' Mapping

## Description

In the ERC-20 allowance mapping `_allowances[owner][spender]`, the first index is the token owner and the second is the account the owner has approved to spend on their behalf. The `burnFrom` function places the 'from' parameter at the wrong position and reads `_allowances[msg.sender][from]`, which asks whether `from` may spend the caller's tokens instead of whether the caller may spend the tokens of `from`. The check therefore does not verify the approval it is meant to, potentially leading to unauthorized access to other holders' balances or manipulation of allowances.
## Examples

### Insecure Code

```solidity
// Vulnerable: the mapping is indexed as _allowances[msg.sender][from],
// i.e. owner = caller and spender = from, the reverse of the ERC-20 layout
// _allowances[owner][spender]; the burn is also executed before the check.
function burnFrom(address from, uint256 amount) public {
    _burn(from, amount);
    require(_allowances[msg.sender][from] >= amount, "burn amount exceeds allowance");
}
```

### Secure Code

```solidity
// Fixed: _allowances[from][msg.sender] asks whether the token owner `from`
// has approved the caller; the check runs before any state change and the
// spent allowance is consumed so the same approval cannot be reused.
function burnFrom(address from, uint256 amount) public {
    require(_allowances[from][msg.sender] >= amount, "burn amount exceeds allowance");
    _allowances[from][msg.sender] -= amount;
    _burn(from, amount);
}
```

## Remediation
Index the mapping as `_allowances[from][msg.sender]` (owner first, spender second) so that `burnFrom` succeeds only when the token owner `from` has approved the caller, and place that check before `_burn` so no state is changed without proper authorization and access control.
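To make the index-order mistake concrete, the following Python model (added here; not code from the original rule page or from any token contract) mirrors the Solidity `mapping(address => mapping(address => uint256))` as nested dicts and runs two allowance-direction spec checks against both variants of `burnFrom`. The account names and balances are constructed sample data.

```python
from collections import defaultdict


class AllowanceError(Exception):
    """Raised where the Solidity require() would revert."""


class Token:
    """Minimal model of ERC-20 balance and allowance storage.

    allowances[owner][spender] is how much `spender` may take from `owner`,
    the same layout as Solidity's _allowances mapping.
    """

    def __init__(self, balances):
        self.balances = defaultdict(int, balances)
        self.allowances = defaultdict(lambda: defaultdict(int))

    def approve(self, owner, spender, amount):
        # `owner` is msg.sender of approve(); it grants `spender` an allowance
        self.allowances[owner][spender] = amount

    def _burn(self, account, amount):
        if self.balances[account] < amount:
            raise AllowanceError("burn amount exceeds balance")
        self.balances[account] -= amount

    def burn_from_vulnerable(self, sender, frm, amount):
        # CODE-0503: indices reversed, asks whether `frm` may spend `sender`'s tokens
        if self.allowances[sender][frm] < amount:
            raise AllowanceError("burn amount exceeds allowance")
        self._burn(frm, amount)
        self.allowances[sender][frm] -= amount

    def burn_from_fixed(self, sender, frm, amount):
        # Correct order: has the owner `frm` approved the caller `sender`?
        if self.allowances[frm][sender] < amount:
            raise AllowanceError("burn amount exceeds allowance")
        self.allowances[frm][sender] -= amount
        self._burn(frm, amount)


def approved_spender_can_burn(burn_from):
    """Spec check 1: an approved spender may burn, and the allowance is consumed."""
    token = Token({"alice": 100})
    token.approve("alice", "bob", 40)          # alice (owner) approves bob (spender)
    try:
        burn_from(token, "bob", "alice", 30)   # bob is msg.sender, burns alice's tokens
    except AllowanceError:
        return False
    return token.balances["alice"] == 70 and token.allowances["alice"]["bob"] == 10


def reverse_approval_does_not_authorize(burn_from):
    """Spec check 2: an approval in the opposite direction must not authorize a burn."""
    token = Token({"alice": 100, "bob": 100})
    token.approve("alice", "bob", 40)          # only alice -> bob exists
    try:
        burn_from(token, "alice", "bob", 30)   # bob never approved alice
    except AllowanceError:
        return True
    return False
```

The fixed variant passes both checks; the vulnerable variant fails both, which is the regression test a scanner finding for CODE-0503 should be backed by.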
## Rule Details

| Field | Value |
|---|---|
| ID | CODE-0503 |
| Category | AccessControl |
| Severity | HIGH |
| CWE | CWE-688 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | MODERATE |
| Tags | smart contract, access control |
| OWASP | N/A |
## References

- https://twitter.com/Mauricio_0218/status/1490082073096462340
- https://etherscan.io/address/0xe38b72d6595fd3885d1d2f770aa23e94757f91a1