feedHorse()
The feedHorse function lacks access control, allowing anyone to feed any horse without verifying permissions. This could lead to unintended feeding of horses, potentially disrupting the intended behavior of the contract.
Manual code analysis
To mitigate the lack of access control in feedHorse(), ensure that the caller is either the owner or an approved address for the specified horse. Adding a require statement to check ownership or approval helps prevent unauthorized feeding of horses.
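One way to implement the recommended check, shown beside the unrestricted form the finding describes. This is an added example, not the audited contract's code: only the name feedHorse() comes from the finding, while the contract name, the storage layout (modelled on ERC-721 style ownership and approvals), the mint and approval helpers, and the lastFedAt mapping are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the audited contract (illustration only).
contract HorseFeedingExample {
    mapping(uint256 => address) private _ownerOf;   // horseId => owner
    mapping(uint256 => address) private _approved;  // horseId => approved address
    mapping(address => mapping(address => bool)) private _operators; // owner => operator => allowed
    mapping(uint256 => uint256) public lastFedAt;   // horseId => last feeding timestamp (assumed state)
    uint256 private _nextId = 1;

    function mintHorse() external returns (uint256 horseId) {
        horseId = _nextId++;
        _ownerOf[horseId] = msg.sender;
    }

    function approve(address to, uint256 horseId) external {
        require(_ownerOf[horseId] == msg.sender, "not owner");
        _approved[horseId] = to;
    }

    function setApprovalForAll(address operator, bool allowed) external {
        _operators[msg.sender][operator] = allowed;
    }

    // Unrestricted form: no check on msg.sender, so any address can
    // update the feeding state of any horse, including one it does not own.
    function feedHorseUnrestricted(uint256 horseId) external {
        lastFedAt[horseId] = block.timestamp;
    }

    // Hardened form: the horse must exist and the caller must be its owner,
    // its approved address, or an operator approved by the owner.
    function feedHorse(uint256 horseId) external {
        address owner = _ownerOf[horseId];
        require(owner != address(0), "horse does not exist");
        require(
            msg.sender == owner ||
            msg.sender == _approved[horseId] ||
            _operators[owner][msg.sender],
            "caller is not owner or approved"
        );
        lastFedAt[horseId] = block.timestamp;
    }
}
```

The existence check comes first so that an unminted horseId reverts with its own message instead of falling through to the authorization check.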