Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Missing Access Control in Interface Documentation


Description

  • Multiple functions like buyPass(), redeemMemorabilia(), attendPerformance() are marked externally callable with no reference to access control modifiers (like onlyOwner, onlyOrganizer, etc.).


Impact:

  • Unauthorized purchases or redemptions

  • Free BEAT token farming

  • Mint spam (DoS via NFT flooding)

Recommended Mitigation

Document expected modifiers in the interface via comments, and enforce them strictly in the implementation.

Example:

/// @dev Only callable by organizer
function configurePass(...) external;
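
A fuller version of the recommended mitigation, as an added example that is not part of the submission or the audited project's code: each interface function states its access rule in NatSpec, and the implementation enforces exactly that rule. The contract name, parameters, errors and the choice of which function is role-gated versus open are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface and contract: names, parameters and errors are
// assumptions for illustration, not the audited project's code.
interface IFestivalPassExample {
    /// @notice Set price and supply cap for a pass type.
    /// @dev Access: organizer only. Reverts with NotOrganizer otherwise.
    function configurePass(uint256 passId, uint256 price, uint256 maxSupply) external;

    /// @notice Buy one pass of the given type.
    /// @dev Access: any caller. Gated by payment and supply cap, not by role.
    function buyPass(uint256 passId) external payable;
}

contract FestivalPassExample is IFestivalPassExample {
    error NotOrganizer(address caller);
    error WrongPayment(uint256 sent, uint256 required);
    error SoldOut(uint256 passId);

    address public immutable organizer;
    mapping(uint256 => uint256) public priceOf;
    mapping(uint256 => uint256) public maxSupplyOf;
    mapping(uint256 => uint256) public soldOf;

    modifier onlyOrganizer() {
        if (msg.sender != organizer) revert NotOrganizer(msg.sender);
        _;
    }

    constructor(address organizer_) {
        organizer = organizer_;
    }

    // Role check matches the interface comment.
    function configurePass(uint256 passId, uint256 price, uint256 maxSupply)
        external onlyOrganizer
    {
        priceOf[passId] = price;
        maxSupplyOf[passId] = maxSupply;
    }

    // Open to any caller; the checks below are what stop free or unlimited mints.
    // An unconfigured passId has maxSupply 0 and always reverts with SoldOut.
    function buyPass(uint256 passId) external payable {
        if (msg.value != priceOf[passId]) revert WrongPayment(msg.value, priceOf[passId]);
        if (soldOf[passId] >= maxSupplyOf[passId]) revert SoldOut(passId);
        soldOf[passId] += 1; // minting and fund withdrawal omitted
    }
}
```
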
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
