SYM_SOL_0011 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | High |
Description
The oracle update function in your smart contract is missing access control, allowing anyone to call it. This means that unauthorized users can update or manipulate oracle data.
Impact
If exploited, an attacker could feed false or manipulated data to your application by updating the oracle, potentially leading to financial loss, incorrect contract behavior, or exploitation of protocol logic. This could compromise user funds and undermine trust in the contract.
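
The pattern described above, shown next to a corrected version. This is an added example, not code from the Symbiotic database; the contract names, `updatePrice`, `setUpdater` and the updater allow-list are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical contracts written for this example; every name is an assumption.

// Flagged pattern: the oracle update function has no caller check.
contract PriceOracleUnrestricted {
    uint256 public price;
    uint256 public updatedAt;

    function updatePrice(uint256 newPrice) external {
        price = newPrice; // any account can overwrite the oracle value
        updatedAt = block.timestamp;
    }
}

// Corrected pattern: only allow-listed updaters may write oracle data.
contract PriceOracleRestricted {
    address public immutable owner;
    mapping(address => bool) public isUpdater;
    uint256 public price;
    uint256 public updatedAt;

    error NotOwner();
    error NotUpdater();
    event UpdaterSet(address indexed account, bool allowed);
    event PriceUpdated(address indexed updater, uint256 price);

    modifier onlyUpdater() {
        if (!isUpdater[msg.sender]) revert NotUpdater();
        _;
    }

    constructor(address initialUpdater) {
        owner = msg.sender;
        isUpdater[initialUpdater] = true;
    }

    // Owner manages the allow-list; revoking an updater stops further writes.
    function setUpdater(address account, bool allowed) external {
        if (msg.sender != owner) revert NotOwner();
        isUpdater[account] = allowed;
        emit UpdaterSet(account, allowed);
    }

    function updatePrice(uint256 newPrice) external onlyUpdater {
        price = newPrice;
        updatedAt = block.timestamp;
        emit PriceUpdated(msg.sender, newPrice); // audit trail for monitoring
    }
}
```

When reviewing a finding, confirm that every state-changing oracle function carries the restriction, including any setter that changes who is allowed to update.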