In the constructor of the ProxyFactory contract, whitelisted tokens are set without any access control checks. This allows any user to modify the whitelisted tokens, potentially introducing malicious tokens.
Permitting unrestricted modification of whitelisted tokens could lead to the inclusion of malicious tokens, potentially undermining the contract's intended functionality.
1. Deploy the ProxyFactory contract.
2. Use the constructor or accessible functions to add a malicious token to the whitelist.
The contract is altered due to the addition of the malicious token.
Implement access control mechanisms (e.g., onlyOwner modifier) to restrict the modification of whitelisted tokens to authorized users only, ensuring the integrity of the whitelist.