Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Inadequate Access Control in `distributeByOwner`

Summary

The `distributeByOwner` function of the `ProxyFactory` contract has inadequate access control.

Vulnerability Details

The vulnerability arises from inadequate access control in the `distributeByOwner` function of the `ProxyFactory` contract. Because the function is restricted only by the `onlyOwner` modifier, any address with ownership rights can call it, potentially leading to unintended or malicious token distributions.

Impact

Inadequate access control in the `distributeByOwner` function could lead to unauthorized or unintended distributions of tokens. This might result in financial losses or manipulation of contest outcomes.

Tools Used

Manual code review and analysis of the access control mechanisms in the `distributeByOwner` function.

Recommendations

To mitigate this vulnerability, consider the following recommendations:

  1. Enhanced Access Control: Implement more granular access control mechanisms to restrict the usage of the `distributeByOwner` function to authorized addresses or actions.

  2. Multi-Signature: Consider implementing multi-signature mechanisms for sensitive functions involving distributions or fund transfers.
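One way to apply the multi-signature recommendation without changing the `onlyOwner` check is to make the owner a contract that requires several approvals before it forwards a call. The sketch below is an added example, not code from the Sparkn repository: `ThresholdGate` and all of its names are hypothetical, and it assumes ownership of the factory can be transferred to this contract so that `distributeByOwner` is reachable only through `execute`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Hypothetical M-of-N gate intended to hold ownership of a contract
/// whose sensitive functions are protected by an onlyOwner modifier.
contract ThresholdGate {
    mapping(address => bool) public isApprover;
    uint256 public immutable threshold;
    mapping(bytes32 => mapping(address => bool)) public approved; // id => approver => voted
    mapping(bytes32 => uint256) public approvalCount;
    mapping(bytes32 => bool) public executed;

    error NotApprover();
    error AlreadyApproved();
    error NotReady();
    error CallFailed();

    constructor(address[] memory approvers, uint256 threshold_) {
        require(threshold_ > 0 && threshold_ <= approvers.length, "bad threshold");
        for (uint256 i = 0; i < approvers.length; i++) {
            address a = approvers[i];
            require(a != address(0) && !isApprover[a], "bad approver");
            isApprover[a] = true;
        }
        threshold = threshold_;
    }

    modifier onlyApprover() {
        if (!isApprover[msg.sender]) revert NotApprover();
        _;
    }

    // The id binds chain, gate, target, exact calldata and a nonce,
    // so an approval cannot be reused for a different distribution.
    function operationId(address target, bytes calldata data, uint256 nonce) public view returns (bytes32) {
        return keccak256(abi.encode(block.chainid, address(this), target, data, nonce));
    }

    function approve(bytes32 id) external onlyApprover {
        if (approved[id][msg.sender]) revert AlreadyApproved();
        approved[id][msg.sender] = true;
        approvalCount[id] += 1;
    }

    function execute(address target, bytes calldata data, uint256 nonce) external onlyApprover {
        bytes32 id = operationId(target, data, nonce);
        if (executed[id] || approvalCount[id] < threshold) revert NotReady();
        executed[id] = true; // mark before the external call to block re-entry and replay
        (bool ok, ) = target.call(data);
        if (!ok) revert CallFailed();
    }
}
```

Approvers review the decoded calldata off-chain, approve its `operationId`, and the forwarded call executes only after `threshold` distinct approvals; a single compromised approver key cannot trigger a distribution on its own.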
