Admin functions do not use a custom admin role and rely only on owner access control.
Recommendation: Implement a custom admin role.
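// Custom admin role instead of owner
enum Role {
    ADMIN
}
// Role membership per account; grant it in the initializer or an owner-only setter
mapping(address => mapping(Role => bool)) private roles;
// Reverts unless the caller holds the given role
modifier onlyRole(Role role) {
    require(roles[msg.sender][role], "Missing role");
    _;
}
// Restrict drop function
function dropTopVotedPiece() external onlyRole(Role.ADMIN) {
    // Logic
}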
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/CultureIndex.sol#L519
Assessed type
Access Control