Missing Access Control in setMultipleAllowances() Function
Description
The setMultipleAllowances() function is missing the onlyOwner modifier, which allows unauthorized access and modification of allowances.
Examples
Insecure Code
```solidity
function setMultipleAllowances(...) {...}
```
Secure Code
```solidity
function setMultipleAllowances(...) onlyOwner {...}
```
Remediation
Add the onlyOwner modifier to the setMultipleAllowances() function to restrict access to the contract owner.
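The fix described above, shown in a complete contract. This is an added example, not the code of the contract referenced on this page. The contract name, parameter list, storage mapping, custom errors and event are assumptions, since the page elides the real signature and body.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Contract name, storage layout, parameters, errors and
// event are hypothetical; the page does not show the real signature or body.
contract AllowanceRegistry {
    address public immutable owner;
    mapping(address => uint256) public allowances;

    error NotOwner(address caller);
    error LengthMismatch(uint256 spenderCount, uint256 amountCount);

    event AllowanceSet(address indexed spender, uint256 amount);

    constructor() {
        owner = msg.sender; // deployer becomes the only privileged account
    }

    // The access check the rule looks for: revert unless the caller is the owner.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    // Insecure form: no modifier, so any account can rewrite any allowance.
    function setMultipleAllowancesUnprotected(
        address[] calldata spenders,
        uint256[] calldata amounts
    ) external {
        _setAllowances(spenders, amounts);
    }

    // Secure form: onlyOwner runs first, so other callers revert before any write.
    function setMultipleAllowances(
        address[] calldata spenders,
        uint256[] calldata amounts
    ) external onlyOwner {
        _setAllowances(spenders, amounts);
    }

    function _setAllowances(address[] calldata spenders, uint256[] calldata amounts) private {
        if (spenders.length != amounts.length) revert LengthMismatch(spenders.length, amounts.length);
        for (uint256 i = 0; i < spenders.length; ++i) {
            allowances[spenders[i]] = amounts[i];
            emit AllowanceSet(spenders[i], amounts[i]);
        }
    }
}
```

When reviewing, confirm that every external or public function that writes privileged state carries the modifier, and that the modifier body actually reverts rather than only evaluating the comparison.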
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0802 |
| Category | AccessControl |
| Severity | CRITICAL |
| CWE | CWE-284 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | access control, smart contract |
| OWASP | N/A |
References
- https://play.secdim.com/game/dapp/challenge/rigoownsol
- https://twitter.com/danielvf/status/1494317265835147272
- https://etherscan.io/address/0x876b9ebd725d1fa0b879fcee12560a6453b51dc8