SYM_SOL_0010 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Input Validation
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-20: Improper Input Validation |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | High |
Description
The contract uses delegatecall with an address provided by external input, allowing untrusted users to execute code in the context of your contract. This means attackers can control what code runs and access your contract’s storage.
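
The flagged pattern beside one hardened form, as an added example that is not part of the original wiki entry. The contract names, function names and the owner-managed allowlist are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: all contract and function names are hypothetical.

// Flagged pattern: the delegatecall target comes straight from the caller.
contract VulnerableForwarder {
    address public owner; // storage slot 0

    constructor() { owner = msg.sender; }

    function forward(address target, bytes calldata data) external payable returns (bytes memory) {
        // Code at `target` runs against THIS contract's storage and balance.
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}

// Hardened form: callers may only select modules the owner has approved.
contract AllowlistedForwarder {
    address public owner;
    mapping(address => bool) public approvedModule;

    event ModuleApprovalChanged(address indexed module, bool approved);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    function setModule(address module, bool approved) external onlyOwner {
        // Approving an address with no code would make delegatecall succeed as a no-op.
        require(!approved || module.code.length > 0, "not a contract");
        approvedModule[module] = approved;
        emit ModuleApprovalChanged(module, approved);
    }

    function forward(address module, bytes calldata data) external payable returns (bytes memory) {
        require(approvedModule[module], "module not approved");
        (bool ok, bytes memory ret) = module.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}
```

The allowlist only restricts which code can run; an approved module still executes with full access to this contract's storage, so each module needs review for storage-layout compatibility and must not itself be upgradeable by an untrusted party.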
Impact
If exploited, an attacker could execute arbitrary code with your contract’s privileges, potentially stealing funds, corrupting data, or taking full control of the contract. This could lead to significant financial loss and compromise the security of your entire dApp or platform.