SYM_SOL_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | High |
Description
The burn function allows any user to burn (destroy) tokens from any account, rather than restricting this action to the token owner. This means someone could burn tokens belonging to other users without their permission.
Impact
If exploited, an attacker could destroy tokens from any user’s account, causing loss of funds, disrupting user balances, and potentially undermining trust in the token contract. This could result in significant financial damage and reputational loss for the project.