Closed c4-bot-6 closed 2 months ago
The call is atomic https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticFactory.sol#L248
Picodes marked the issue as primary issue
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L221-L264
Vulnerability details
Impact
There is missing access control, so any user can call the startToken and can set arbitrary values
Proof of Concept
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L221-L264
Tools Used
Manual code review
Recommended Mitigation Steps
Add access control
Assessed type
Access Control