Open code423n4 opened 3 years ago
0xRajeev
Access control of external/public functions via modifiers/requires/checks is typically specified in the @dev part of the NatSpec comment. This highlight is missing for the setAdmin() function which is accessible only by Pool Delegate.
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/Pool.sol#L329-L337
Manual Analysis
Add “Can only called by the pool delegate.” to @dev on L330.
Informational, will address
Handle
0xRajeev
Vulnerability details
Impact
Access control of external/public functions via modifiers/requires/checks is typically specified in the @dev part of the NatSpec comment. This highlight is missing for the setAdmin() function which is accessible only by Pool Delegate.
Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/Pool.sol#L329-L337
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add “Can only called by the pool delegate.” to @dev on L330.