eth-sri / securify

[DEPRECATED] Security Scanner for Ethereum Smart Contracts
Apache License 2.0

UnrestrictedWrite for certain Authorization Patterns #93

Open ritzdorf opened 5 years ago

ritzdorf commented 5 years ago

Certain authorization patterns do not use a direct

require(msg.sender == owner);

and instead perform a mapping-based authorization lookup that leads to the branch condition. An example is provided below. This currently leads to violations for UnrestrictedWrite.

contract AuthTest {
    mapping(address => bool) isAuthorized;
    uint internal secret;

    constructor() public {
        isAuthorized[msg.sender] = true;
    }

    function setAuthorization(address a, bool v)
        public
        auth
    {
        isAuthorized[a] = v;
    }

    modifier auth {
        require(isAuthorized[msg.sender]);
        _;
    }

    function sensitiveFunc(uint x) public auth returns (bool) {
        secret = x;
    }
}
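
An added illustration, not part of the original issue and not Securify's implementation: a toy dependency check over a made-up straight-line IR, showing how the mapping-based guard is flagged unless caller dependence is followed through the storage key of the lookup. The op names, slot names, the `ownerGuarded` and `unguarded` functions and the `follow_storage_keys` flag are all assumptions made for this sketch.

```python
# Toy dependency check (added example, not Securify's code). Each function is a
# straight-line list of (dest, op, args) tuples in a made-up IR.
CONTRACT = {  # constructed sample input modelled on the contract above
    "ownerGuarded": [  # hypothetical: require(msg.sender == owner)
        ("c", "CALLER", ()),
        ("o", "SLOAD", ("slot_owner",)),
        ("ok", "EQ", ("c", "o")),
        (None, "REQUIRE", ("ok",)),
        ("x", "CALLDATALOAD", ()),
        (None, "SSTORE", ("slot_secret", "x")),
    ],
    "sensitiveFunc": [  # auth modifier: require(isAuthorized[msg.sender])
        ("c", "CALLER", ()),
        ("k", "SHA3", ("c", "slot_isAuthorized")),
        ("ok", "SLOAD", ("k",)),
        (None, "REQUIRE", ("ok",)),
        ("x", "CALLDATALOAD", ()),
        (None, "SSTORE", ("slot_secret", "x")),
    ],
    "unguarded": [  # hypothetical: no authorization at all
        ("x", "CALLDATALOAD", ()),
        (None, "SSTORE", ("slot_secret", "x")),
    ],
}


def unrestricted_writes(contract, follow_storage_keys):
    """Functions whose SSTORE has no caller-dependent guard or key."""
    flagged = []
    for name, body in contract.items():
        tainted = set()   # values that depend on msg.sender
        guarded = False   # a caller-dependent require() has been passed
        for dest, op, args in body:
            dep = any(a in tainted for a in args)
            if op == "CALLER":
                tainted.add(dest)
            elif op == "SLOAD":
                # The loaded value depends on the caller only via the key.
                if follow_storage_keys and dep:
                    tainted.add(dest)
            elif op == "REQUIRE":
                guarded = guarded or dep
            elif op == "SSTORE":
                if not guarded and args[0] not in tainted:
                    flagged.append(name)
                    break
            elif dep:
                tainted.add(dest)
    return flagged
```

Treating the lookup as a valid guard is only meaningful when writes to the mapping are themselves guarded, as `setAuthorization` is by `auth` in the contract above.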