Submission Details
Severity: high
Valid

Sensitive function should only be callable by authorized roles

Summary

The setPassword() function is callable by any regular user. Sensitive functions that update the password should be protected by modifiers, e.g. onlyOwner().

Vulnerability Details

    // No modifier or msg.sender check: any caller reaches the state write
    function setPassword(string memory newPassword) external {
        s_password = newPassword;
        emit SetNetPassword();
    }

Impact

The password gets changed.

Tools Used

Manual audit

Recommendations

Use modifiers like onlyOwner(), or consider another access control mechanism.
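
One way to apply this recommendation, as an added example that is not the audited project's code. The names GuardedStore, s_owner, NotOwner, Stranger and AccessControlCheck are assumptions; only setPassword, s_password and SetNetPassword come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example: hypothetical contract showing setPassword behind an owner check.
contract GuardedStore {
    error NotOwner();
    event SetNetPassword();

    address private immutable s_owner; // assumed name for the authorized account
    string private s_password;

    constructor() {
        s_owner = msg.sender; // the deployer becomes the only authorized caller
    }

    modifier onlyOwner() {
        if (msg.sender != s_owner) revert NotOwner();
        _;
    }

    // Same body as in the finding; the modifier runs before the state write
    function setPassword(string memory newPassword) external onlyOwner {
        s_password = newPassword;
        emit SetNetPassword();
    }
}

// Stand-in for a regular user: a different msg.sender than the owner.
contract Stranger {
    function trySet(GuardedStore store) external returns (bool changed) {
        try store.setPassword("not-the-owner") {
            return true;
        } catch {
            return false; // the call reverted with NotOwner()
        }
    }
}

// Regression check: the owner can update, any other caller is rejected.
contract AccessControlCheck {
    function run() external returns (bool ownerOk, bool strangerBlocked) {
        GuardedStore store = new GuardedStore(); // this contract is the owner
        store.setPassword("owner-chosen");
        ownerOk = true; // reached only if the owner's call did not revert
        strangerBlocked = !(new Stranger()).trySet(store);
    }
}
```

Calling run() on a deployed AccessControlCheck returns (true, true) when the access check is in place.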

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-lacking-access-control

Anyone can call `setPassword` and set a new password contrary to the intended purpose.
