SSP_26977_134
Description
Access control plays an important role in the segregation of privileges in smart contracts and other applications. If it is misconfigured or not properly validated on sensitive functions, this may lead to loss of funds or tokens and, in some cases, compromise of the smart contract.
The contract SplitsCreator imports the access control library @openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol, but the function create is missing the onlyOwner modifier.
Remediation
It is recommended to review the contract and identify the functions that lack an access control modifier. If they perform sensitive administrative actions, it is advised to add a suitable modifier to them.
Code Snapshot
https://github.com/hackdays-io/toban/blob/main/pkgs/contract/contracts/splitscreator/SplitsCreator.sol#L36-L141