SYM_SOL_0012 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | High |
Description
The contract allows anyone to update oracle price data without any access restrictions. This means that untrusted users can submit arbitrary price information to the system.
Impact
An attacker could manipulate price data, leading to incorrect asset valuations, potential financial loss, and exploitation of trading or lending mechanisms reliant on these prices. This can result in stolen funds, market manipulation, or collapse of trust in the platform.