SYM_SOL_0023 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | High |
Description
The `_transfer()` function in your ERC20 contract is declared `public` or `external`, so anyone can call it directly. `_transfer()` is the internal helper that moves balances after `transfer()` and `transferFrom()` have checked the caller; exposing it bypasses those intended access controls and opens the balance-moving logic to arbitrary external calls.
Impact
Attackers could transfer tokens between arbitrary accounts without authorization, potentially draining user balances or manipulating funds. This can lead to loss of assets, contract compromise, and severe trust issues for the token ecosystem.
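Added example (not code from this database entry; contract names are assumed): a minimal token with the flawed `public` `_transfer()` beside a hardened version where `_transfer()` is `internal` and reachable only through `transfer()`/`transferFrom()`, which bind the call to `msg.sender` or a spent allowance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not code from the database entry; contract names are assumed.

// VULNERABLE: _transfer() is public, so any caller can move any account's balance.
contract VulnerableToken {
    mapping(address => uint256) public balanceOf;
    constructor() { balanceOf[msg.sender] = 1_000_000; }

    // Intended as an internal helper; declared public it becomes an unauthenticated entry point.
    function _transfer(address from, address to, uint256 amount) public {
        require(balanceOf[from] >= amount, "insufficient");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }
}

// HARDENED: _transfer() is internal; every external path is bound to msg.sender or an allowance.
contract HardenedToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    constructor() { balanceOf[msg.sender] = 1_000_000; }

    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "zero address");
        require(balanceOf[from] >= amount, "insufficient");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount); // caller can only spend its own balance
        return true;
    }
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "allowance exceeded");
        allowance[from][msg.sender] = allowed - amount; // consume allowance before moving funds
        _transfer(from, to, amount);
        return true;
    }
}
```

The review check is mechanical: any balance-moving helper such as `_transfer` that is declared `public` or `external` should be flagged, since the only callers that should reach it are the contract's own authenticated entry points.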