Anyone can call functions lockUnits and unlockUnits (not only router) as it does not have any authorization checks. Thus it is possible to set any values for an account and thus make functions that rely on these values misbehave or fail.
Recommended Mitigation Steps
Add authorization so only the intended entities would be able to lock and unlock units.
Handle
paulius.eth
Vulnerability details
Impact
Anyone can call functions lockUnits and unlockUnits (not only router) as it does not have any authorization checks. Thus it is possible to set any values for an account and thus make functions that rely on these values misbehave or fail.
Recommended Mitigation Steps
Add authorization so only the intended entities would be able to lock and unlock units.