Missing access control CollateralTracker::startToken

[c4-bot-6]

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L221-L264

Vulnerability details

Impact

There is missing access control, so any user can call the startToken and can set arbitary values

Proof of Concept

https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L221-L264

Tools Used

Manual code review

Recommended Mitigation Steps

Add access control

Assessed type

Access Control

[Picodes]

The call is atomic https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticFactory.sol#L248

[c4-judge]

Picodes marked the issue as primary issue

[c4-judge]

Picodes marked the issue as unsatisfactory: Invalid

[c4-judge]

Picodes marked the issue as unsatisfactory: Invalid