Open code423n4 opened 3 years ago
Informational, will address
Handle
0xRajeev
Vulnerability details
Impact
Access control of external/public functions via modifiers or require statements is typically specified in the @dev part of the NatSpec comment. This highlight is missing for the pull() function of StakeLocker.sol which is accessible only by isPool.
Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/StakeLocker.sol#L125-L132
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add “Only Pool can call this function.” to @dev on L126.
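A lint check for the documentation gap this finding describes, as an added example that is not part of the original report or the Maple code base: it flags external/public functions that carry a guard modifier but whose @dev comment has no "Only ... call" note. The sample contract is constructed; its signatures and the treatment of isPool as a modifier are assumptions, and require-based checks are not covered.

```python
import re

# Constructed sample, NOT the Maple source. Signatures and bodies are invented,
# and isPool is assumed to be a modifier.
SAMPLE = '''
contract Locker {
    /**
        @dev Transfers funds out. Only Pool can call this function.
        @param dst Destination address.
    */
    function push(address dst) isPool external { }

    /**
        @dev Transfers funds to the caller.
        @param amt Amount to transfer.
    */
    function pull(uint256 amt) isPool external { }

    /**
        @dev Returns the balance.
    */
    function balance() external view returns (uint256) { }
}
'''

# A NatSpec block immediately followed by a function declaration.
DOC_FN = re.compile(
    r"/\*\*(?P<doc>(?:(?!\*/).)*)\*/\s*function\s+(?P<name>\w+)\s*"
    r"\((?P<args>[^)]*)\)(?P<head>[^{;]*)[{;]", re.S)
DEV = re.compile(r"@dev(.*?)(?=@\w+|$)", re.S)            # text of the @dev tag
CALLER_NOTE = re.compile(r"\bonly\b.+\bcall", re.I | re.S)  # "Only X can call ..."

def undocumented_guards(source, guards):
    """Return (function, guards) pairs where a guard modifier is applied to an
    external/public function but @dev does not state who may call it."""
    findings = []
    for m in DOC_FN.finditer(source):
        head_words = set(re.findall(r"\w+", m["head"]))
        used = sorted(guards & head_words)
        if not used or not head_words & {"external", "public"}:
            continue  # unguarded, or not reachable from outside
        dev = DEV.search(m["doc"])
        if not CALLER_NOTE.search(dev.group(1) if dev else ""):
            findings.append((m["name"], used))
    return findings

if __name__ == "__main__":
    for name, used in undocumented_guards(SAMPLE, {"isPool"}):
        print(f"{name}(): guarded by {', '.join(used)} but @dev has no caller note")
```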