SYM_SOL_0032 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Input Validation
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-20: Improper Input Validation |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
The contract decodes user-supplied context (ctx) without validating its authenticity, allowing attackers to craft calldata that impersonates other accounts. This missing input validation exposes the contract to unauthorized actions.
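The flagged pattern beside a hardened form, as an added example that is not taken from this wiki or from any specific project. All contract, struct and function names are hypothetical; it assumes a host contract that builds `ctx` itself from `msg.sender` and records its hash for the duration of the call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here (Host, Ledger, Context, ...) is hypothetical.
struct Context { address msgSender; }

contract Host {
    bytes32 private _ctxStamp; // hash of the ctx issued for the call in progress

    // The host, not the caller, builds ctx from msg.sender and records its hash.
    function callLedger(Ledger ledger, address to, uint256 amount) external {
        bytes memory ctx = abi.encode(Context({msgSender: msg.sender}));
        _ctxStamp = keccak256(ctx);
        ledger.transferChecked(ctx, to, amount);
        _ctxStamp = bytes32(0); // stamp is only valid during this call
    }

    function isCtxValid(bytes calldata ctx) external view returns (bool) {
        return _ctxStamp != bytes32(0) && keccak256(ctx) == _ctxStamp;
    }
}

contract Ledger {
    Host public immutable host;
    mapping(address => uint256) public balances;
    constructor(Host host_) { host = host_; }
    function credit(uint256 amount) external { balances[msg.sender] += amount; } // demo-only funding

    // WEAK (the flagged pattern): ctx arrives as calldata and is decoded as-is,
    // so the "sender" is whatever address the caller chose to encode.
    function transferUnchecked(bytes calldata ctx, address to, uint256 amount) external {
        Context memory c = abi.decode(ctx, (Context));
        _move(c.msgSender, to, amount);
    }

    // HARDENED: only the host may call, and ctx must match the hash the host
    // recorded (this also covers designs where ctx is relayed through callbacks).
    function transferChecked(bytes calldata ctx, address to, uint256 amount) external {
        require(msg.sender == address(host), "caller is not host");
        require(host.isCtxValid(ctx), "ctx not issued by host");
        Context memory c = abi.decode(ctx, (Context));
        _move(c.msgSender, to, amount);
    }

    function _move(address from, address to, uint256 amount) private {
        balances[from] -= amount; // reverts on underflow in 0.8+
        balances[to] += amount;
    }
}
```

When reviewing for this finding, trace every `abi.decode` of a context argument back to its source and confirm an authenticity check precedes it on all externally reachable paths.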
Impact
If exploited, attackers can perform actions as if they were other users, potentially leading to theft of funds, unauthorized token transfers, or manipulation of contract state. This can result in severe financial and reputational damage to both users and the organization.