Closed howlbot-integration[bot] closed 3 months ago
This poses a security risk in the case of a malicious owner, since disallowedTokens can be withdrawn by the owner.
koolexcrypto marked the issue as duplicate of #90
koolexcrypto marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-05-loop/blob/main/src/PrelaunchPoints.sol#L364-L366
Vulnerability details
Impact
The lack of token removal functionality undermines the contract's security and flexibility. It could lead to situations where unauthorized tokens remain permitted.
Proof of Concept
The contract lacks a function to remove or disallow tokens once they have been added using the allowToken function. This omission poses a potential security risk as there is no mechanism to revoke permission for tokens that are no longer desired or trusted.
Tools Used
Manual code review
Recommended Mitigation Steps
Add a disallowToken function.
Assessed type
Context