SYM_SOL_0021 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Medium |
Description
The Uniswap callback function in your contract is missing proper access control checks to ensure only authorized Uniswap pool contracts can call it. Without these validations, any external entity could trigger the callback and potentially manipulate your contract’s logic.
Impact
If exploited, an attacker could call the callback function directly, bypassing expected Uniswap behavior and potentially draining funds, executing unauthorized transactions, or disrupting contract operations. This could lead to significant financial losses and compromise the integrity of your smart contract.
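The missing check and its fix, as an added example that is not part of the original entry or the project's own code. It assumes the Uniswap V3 swap callback (the entry does not name a Uniswap version); the contract names and the `(token0, token1, fee)` layout of the callback data are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address);
}

// Before (hypothetical contract): the callback pays whoever calls it.
// Nothing ties msg.sender to a Uniswap pool, so the payout path is open to any caller.
contract UncheckedCallback {
    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata data) external {
        (address token0, address token1, ) = abi.decode(data, (address, address, uint24));
        if (amount0Delta > 0) require(IERC20(token0).transfer(msg.sender, uint256(amount0Delta)), "transfer0");
        if (amount1Delta > 0) require(IERC20(token1).transfer(msg.sender, uint256(amount1Delta)), "transfer1");
    }
}

// After (hypothetical contract): the caller must be the pool that the trusted
// factory reports for the decoded token pair and fee tier.
contract CheckedCallback {
    IUniswapV3Factory public immutable factory;

    error UnauthorizedCaller(address caller);

    constructor(IUniswapV3Factory factory_) {
        factory = factory_;
    }

    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata data) external {
        (address token0, address token1, uint24 fee) = abi.decode(data, (address, address, uint24));
        // The callback data is caller-supplied, so it is only used as a lookup key;
        // the pool address itself comes from the factory, not from the caller.
        address pool = factory.getPool(token0, token1, fee);
        if (pool == address(0) || msg.sender != pool) revert UnauthorizedCaller(msg.sender);
        // Only a genuine pool reaches this point. Tokens that do not return a bool
        // would need a safe-transfer wrapper instead of the bare require.
        if (amount0Delta > 0) require(IERC20(token0).transfer(msg.sender, uint256(amount0Delta)), "transfer0");
        if (amount1Delta > 0) require(IERC20(token1).transfer(msg.sender, uint256(amount1Delta)), "transfer1");
    }
}
```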