This vulnerability could lead to unauthorized access to critical operations, such as vault group transitions and asset reallocation. If exploited, it may cause financial loss or break the system's intended workflow.
The FundFlowController::updateVaultGroups function is marked as external, meaning any external address (user or smart contract) can call it without restriction. There is no onlyOwner or similar role-based access control to ensure that only authorized entities can execute the function, which could disrupt the claim period schedule and interfere with vault group transitions.
Disruption of Workflow:
Unauthorized or premature execution could disrupt the claim period schedule and interfere with vault group transitions.
Manual Review
Implement Access Control:
Restrict access to the function by using role-based access control (RBAC) or an ownership
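Added illustration of the recommendation (not the project's code): a constructed "before" contract whose updateVaultGroups is external with no access control, beside a hardened version that gates the call with OpenZeppelin's Ownable (onlyOwner). The page does not show the real function body, so the state updated here (a group counter and a claim-period end timestamp) and the 7-day period are assumptions chosen only to make the pattern concrete; the OpenZeppelin v5 Ownable constructor signature is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Constructed "before" contract. The real FundFlowController body is not
/// shown on the page; this one only mirrors the reported defect: an
/// external function with no access control that moves the schedule.
contract FundFlowControllerUnprotected {
    uint256 public currentVaultGroup;
    uint256 public claimPeriodEnd;

    event VaultGroupsUpdated(uint256 indexed newGroup, uint256 claimPeriodEnd);

    function updateVaultGroups() external {
        // No caller check: any account can advance the vault group
        // and reset the claim period at any time.
        currentVaultGroup += 1;
        claimPeriodEnd = block.timestamp + 7 days; // assumed period length
        emit VaultGroupsUpdated(currentVaultGroup, claimPeriodEnd);
    }
}

/// Hardened version: ownership-based access control via OpenZeppelin
/// Ownable (v5 constructor signature assumed), plus a timing guard so the
/// transition cannot be triggered while a claim period is still running.
contract FundFlowControllerProtected is Ownable {
    uint256 public currentVaultGroup;
    uint256 public claimPeriodEnd;

    error ClaimPeriodStillActive(uint256 until);

    event VaultGroupsUpdated(uint256 indexed newGroup, uint256 claimPeriodEnd);

    constructor(address initialOwner) Ownable(initialOwner) {}

    /// Only the owner may call; reverts if the current claim period
    /// has not ended, so the schedule cannot be cut short.
    function updateVaultGroups() external onlyOwner {
        if (block.timestamp < claimPeriodEnd) {
            revert ClaimPeriodStillActive(claimPeriodEnd);
        }
        currentVaultGroup += 1;
        claimPeriodEnd = block.timestamp + 7 days; // assumed period length
        emit VaultGroupsUpdated(currentVaultGroup, claimPeriodEnd);
    }
}
```

The onlyOwner modifier is the fix the finding asks for; the claim-period check is an additional defensive guard that also protects against a premature call by the authorized owner. For a multi-role system, replacing Ownable with OpenZeppelin AccessControl and a dedicated role (e.g. a scheduler role) keeps the same property while avoiding a single privileged key.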