Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: low

Lack of Access Control for Token Whitelisting

Description:

In the constructor of the ProxyFactory contract, whitelisted tokens are set without any access control checks. This allows any user to modify the whitelisted tokens, potentially introducing malicious tokens.

Impact:

Permitting unrestricted modification of whitelisted tokens could lead to the inclusion of malicious tokens, potentially undermining the contract's intended functionality.

Proof of Concept:

1. Deploy the ProxyFactory contract.
2. Use the constructor or accessible functions to add a malicious token to the whitelist.

The contract is altered due to the addition of the malicious token.

Recommendation:

Implement access control mechanisms (e.g., onlyOwner modifier) to restrict the modification of whitelisted tokens to authorized users only, ensuring the integrity of the whitelist.
