The absence of access control in the batch function allows unauthorized execution of arbitrary functions, posing significant security risks, including unauthorized state manipulation and potential denial of service. Implementing access control measures, such as an onlyOwner modifier or other relevant access control patterns, is crucial to mitigate these risks and ensure the integrity and functionality of the contract.
The batch function in the contract lacks any form of access control, allowing any external user to call it. This function utilizes delegatecall to execute arbitrary functions within the contract's context. Without appropriate access restrictions, unauthorized users can manipulate contract behavior, leading to various security vulnerabilities.
Unauthorized users can execute any function within the contract, resulting in unintended state changes or exploitation of vulnerable functions. This could lead to unauthorized transfers, modifications, or deletions of critical data.
Manual Review
To address the lack of access control in the `batch` function, apply the `onlyOwner` modifier so that only the owner can call it.
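The recommended restriction, sketched as an added example that is not the audited contract's code. It assumes `batch` takes an array of encoded calls and runs each one with `delegatecall` against the contract itself; `BatchExample`, `owner`, `value`, `setValue` and the custom errors are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: all names here are assumed, not taken from the audited code.
contract BatchExample {
    address public immutable owner;
    uint256 public value; // stand-in for state that batched calls can change

    error NotOwner();
    error BatchCallFailed(uint256 index, bytes returndata);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Example target function reachable through batch().
    function setValue(uint256 newValue) external onlyOwner {
        value = newValue;
    }

    // Unrestricted form described in the finding:
    //     function batch(bytes[] calldata calls) external returns (bytes[] memory)
    // Restricted form: the modifier runs before any delegatecall is made.
    function batch(bytes[] calldata calls)
        external
        onlyOwner
        returns (bytes[] memory results)
    {
        results = new bytes[](calls.length);
        for (uint256 i = 0; i < calls.length; i++) {
            // delegatecall to self runs in this contract's storage context
            // and keeps the original msg.sender for the inner call.
            (bool ok, bytes memory ret) = address(this).delegatecall(calls[i]);
            // Surface which call failed instead of silently continuing.
            if (!ok) revert BatchCallFailed(i, ret);
            results[i] = ret;
        }
    }
}
```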