SYM_SOL_0029 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
The setMultipleAllowances() function lacks an onlyOwner modifier, meaning anyone—not just the contract owner—can call it. This allows unauthorized users to change allowances without proper permission checks.
Impact
If exploited, an attacker could grant themselves or others unauthorized allowances, potentially gaining control over funds or resources managed by the contract. This can lead to loss of assets, unauthorized transactions, and full compromise of the contract’s integrity.