Unprotected transferFrom() Function
Description
The contract exposes an externally callable function that wraps token.transferFrom() without any access control and takes both the `from` and `to` addresses from the caller. Anyone can therefore invoke it to move tokens between arbitrary addresses, not just the owner or an authorised operator.
Examples
Insecure Code
```solidity
// No access control: any caller chooses both `from` and `to`.
function transferTokens(address from, address to, uint amount) external {
    token.transferFrom(from, to, amount);
}
```
Secure Code
```solidity
// Restricted to the contract owner via the onlyOwner modifier.
function transferTokens(address from, address to, uint amount) external onlyOwner {
    token.transferFrom(from, to, amount);
}
```
Remediation
Add an access control mechanism, such as an onlyOwner modifier or role-based access control, to every externally callable function that invokes transferFrom(), so that only authorised callers can trigger the transfer.
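A fuller version of the hardened pattern, added here as an example and not taken from the rule's own code: it applies the role-based access control the remediation mentions instead of a single onlyOwner check, and also checks the boolean returned by transferFrom(). The IERC20 interface is the standard transferFrom() signature; the contract name TokenMover, the operator role and the events are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed here (standard transferFrom signature).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Example contract (assumed name) showing role-based access control
// around a transferFrom() wrapper.
contract TokenMover {
    IERC20 public immutable token;
    address public owner;
    // Operator role: only these addresses may move tokens through this contract.
    mapping(address => bool) public isOperator;

    event OperatorUpdated(address indexed account, bool allowed);
    event TokensMoved(address indexed by, address indexed from, address indexed to, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    modifier onlyOperator() {
        require(isOperator[msg.sender], "not operator");
        _;
    }

    constructor(IERC20 _token) {
        token = _token;
        owner = msg.sender;
    }

    // The owner grants and revokes the operator role.
    function setOperator(address account, bool allowed) external onlyOwner {
        isOperator[account] = allowed;
        emit OperatorUpdated(account, allowed);
    }

    // Hardened transferTokens(): callable only by an operator, and the
    // return value of transferFrom() is checked rather than ignored.
    function transferTokens(address from, address to, uint256 amount) external onlyOperator {
        require(token.transferFrom(from, to, amount), "transferFrom failed");
        emit TokensMoved(msg.sender, from, to, amount);
    }
}
```

The emitted TokensMoved event records which operator initiated each transfer, which gives on-chain evidence to review if the role is ever misused.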
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0505 |
| Category | AccessControl |
| Severity | HIGH |
| CWE | CWE-284 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | access control, solidity |
| OWASP | N/A |