HardhatDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Improper Access Control found in `AaveDIVAWrapperCore::_registerCollateralToken`, `AaveDIVAWrapperCore::_createContingentPool` and `AaveDIVAWrapperCore::_addLiquidity`

Description: Improper access control occurs when a contract function is reachable by unauthorized callers, allowing them to perform actions that should be restricted. In the AaveDIVAWrapperCore contract, the functions _registerCollateralToken, _createContingentPool and _addLiquidity are internal and are intended to be called only from derived contracts. If a derived contract exposes any of them through a public or external function without its own access control, unauthorized users could call them.

Impact:

  • Unauthorized users could register collateral tokens, create pools, add liquidity, or manipulate the contract in unintended ways.

  • This could lead to financial loss, disruption of contract functionality, or exploitation of the protocol.

Proof of Concept: Consider a derived contract that exposes the _registerCollateralToken function without access control:

// Derived contract that exposes the internal function with no access control
contract DerivedWrapper is AaveDIVAWrapperCore {
    // Any caller can reach this: there is no onlyOwner or similar modifier
    function registerCollateralToken(address _collateralToken) external {
        _registerCollateralToken(_collateralToken);
    }
}

In this example, any user can call registerCollateralToken and register arbitrary tokens, potentially disrupting the contract's intended operation.

Recommended Mitigation:

  • Use Access Control Modifiers: Implement access control modifiers such as onlyOwner or onlyAuthorized to restrict access to sensitive functions.

Example:

// The same entry point, now gated so that only the owner can register tokens
function registerCollateralToken(address _collateralToken) external onlyOwner {
    _registerCollateralToken(_collateralToken);
}

By ensuring that only authorized users can access critical functions, you can mitigate the risk
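The mitigation carried through as a compilable contract, added here as an example and not part of the submission or of the project's code. It assumes OpenZeppelin Contracts v5 (whose Ownable constructor takes the initial owner) and uses a constructed stand-in, WrapperCoreStub, in place of the real AaveDIVAWrapperCore; the event gives operators something to monitor for unexpected registrations.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Constructed stand-in for AaveDIVAWrapperCore (not the project's code): a
// minimal abstract base whose internal function carries no access control of
// its own, so the derived contract is responsible for gating the entry point.
abstract contract WrapperCoreStub {
    mapping(address => bool) internal _registered;

    // Emitted on every registration so off-chain monitoring can flag any
    // registration that did not originate from the expected owner account.
    event CollateralTokenRegistered(address indexed token, address indexed by);

    function _registerCollateralToken(address _collateralToken) internal {
        require(_collateralToken != address(0), "zero token");
        require(!_registered[_collateralToken], "already registered");
        _registered[_collateralToken] = true;
        emit CollateralTokenRegistered(_collateralToken, msg.sender);
    }

    function isRegistered(address token) external view returns (bool) {
        return _registered[token];
    }
}

// Hardened derived wrapper: the public entry point is restricted with
// onlyOwner, so a non-owner call reverts before the internal function runs.
contract HardenedWrapper is WrapperCoreStub, Ownable {
    constructor(address initialOwner) Ownable(initialOwner) {}

    function registerCollateralToken(address _collateralToken) external onlyOwner {
        _registerCollateralToken(_collateralToken);
    }
}
```

A Hardhat test for this contract should assert both that a call from a non-owner signer reverts and that the owner's call emits CollateralTokenRegistered with the owner as `by`.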

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
