GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Invalid

Unauthorized access to changeAdmin from outside

Summary

Since changeAdmin is an external function, it can be called from outside the contract, bypassing the msg.sender == admin check.

Vulnerability Details

If both the base contract and the derived contract define a public function with the same name (like changeAdmin), Solidity will choose the function from the most derived contract (your contract).

Since changeAdmin is a public function, it can be called from outside the contract, bypassing the msg.sender == admin check.

Impact

Tools Used

Recommendations

If needed, use the onlyOwner modifier instead of checking msg.sender == admin manually.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
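
For reference, the following shows how a `msg.sender == admin` check behaves in an external function that a derived contract overrides. It is an added example, not part of the submission or the GivingThanks code base; the contract names, revert string and event are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration; not the contest's contracts.
contract AdminBase {
    address public admin;

    constructor() {
        admin = msg.sender;
    }

    function changeAdmin(address newAdmin) external virtual {
        require(msg.sender == admin, "not admin");
        admin = newAdmin;
    }
}

contract AdminDerived is AdminBase {
    event AdminChanged(address indexed previous, address indexed current);

    // External calls dispatch to this most-derived override.
    // The require still compares the actual caller against admin.
    function changeAdmin(address newAdmin) external override {
        require(msg.sender == admin, "not admin");
        emit AdminChanged(admin, newAdmin);
        admin = newAdmin;
    }
}

contract Outsider {
    // Calls through the base type; returns false when the call reverts.
    function tryTakeover(AdminBase target) external returns (bool succeeded) {
        try target.changeAdmin(address(this)) {
            return true;
        } catch {
            return false;
        }
    }
}

contract Check {
    function run() external returns (bool) {
        AdminDerived target = new AdminDerived(); // admin == address(this)
        Outsider outsider = new Outsider();
        require(!outsider.tryTakeover(target), "outsider changed admin");
        require(target.admin() == address(this), "admin moved");
        target.changeAdmin(address(outsider)); // caller is admin, so this succeeds
        return target.admin() == address(outsider);
    }
}
```

`external` visibility only determines how the function can be reached. The `require` runs on every call, so a non-admin caller reverts whether the base or the derived implementation is dispatched.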
