Open code423n4 opened 3 years ago
0xRajeev
Access control of external/public functions via modifiers or require statements is typically specified in the @dev part of the NatSpec comment. This highlight is missing for the claim() function which is accessible only by isPool.
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/DebtLocker.sol#L44-L54
Manual Analysis
Add “Only called by the pool contract.” to @dev on L45.
Handle
0xRajeev
Vulnerability details
Impact
Access control of external/public functions via modifiers or require statements is typically specified in the @dev part of the NatSpec comment. This highlight is missing for the claim() function which is accessible only by isPool.
Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/DebtLocker.sol#L44-L54
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add “Only called by the pool contract.” to @dev on L45.