Submission Details
Severity: high
Invalid

`initVault` function of Vault.sol can be called by anyone

## Summary

The initVault function within the Vault.sol contract lacks proper access control, allowing anyone to call it and potentially manipulate the token supply or grant unauthorized access to funds.

## Vulnerability Details

1. The initVault function lacks any access control mechanisms to restrict callers.
2. Anyone can call the function with the required arguments, regardless of their role or authorization.
3. The function simply checks the vaultInitialize flag to prevent multiple initializations, but this doesn't address the issue of unauthorized access.

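```solidity
    // Body of initVault as quoted in the submission (function signature not shown)
    if (vaultInitialize) revert Vault__AlreadyInitialized(); // one-shot guard only, no caller check
    loveToken.initVault(managerContract);
    vaultInitialize = true;
}
```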
## Impact
Unauthorized token minting or compromised access to vault funds could lead to significant financial losses for the project and its stakeholders.
## Tools Used
Manual Review
## Recommendations
Enforce strict access control mechanisms to restrict the initVault function to authorized entities only. For example, use roles or groups to grant access only to specific addresses or contracts.
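
One way the recommended restriction could look, as an added example that is not part of the submission or the project's code. The `ILoveToken` interface, the parameter list (inferred from the quoted body), the deployer-only policy and the two extra errors are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface: only the initVault(address) call appears in the submission.
interface ILoveToken {
    function initVault(address managerContract) external;
}

contract Vault {
    error Vault__AlreadyInitialized();
    error Vault__NotDeployer(); // hypothetical error, added for this example
    error Vault__ZeroAddress(); // hypothetical error, added for this example

    // Assumption: the deploying account is the only authorized initializer.
    address private immutable i_deployer;
    bool public vaultInitialize;

    constructor() {
        i_deployer = msg.sender;
    }

    // Parameter list is inferred from the names used in the quoted body.
    function initVault(ILoveToken loveToken, address managerContract) external {
        // Caller check: anyone other than the deployer is rejected.
        if (msg.sender != i_deployer) revert Vault__NotDeployer();
        // One-shot guard, as in the quoted code.
        if (vaultInitialize) revert Vault__AlreadyInitialized();
        // Refuse unset arguments so the single allowed call cannot be wasted.
        if (address(loveToken) == address(0) || managerContract == address(0)) {
            revert Vault__ZeroAddress();
        }
        // Set the flag before the external call (checks-effects-interactions).
        vaultInitialize = true;
        loveToken.initVault(managerContract);
    }
}
```

Performing the initialization inside the constructor or the deployment script's transaction is an alternative that leaves no window between deployment and the `initVault` call.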
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
