Open hats-bug-reporter[bot] opened 7 months ago
Thank you for the submission.
This distribution of accesses was intended from the beginning in the contracts we inherit. Although it looks strange now that Voter doesn't call any methods, it also doesn't cause any ill effect.
Github username: @https://github.com/Pavel2202
Twitter username: https://twitter.com/timenov_pavel
Submission hash (on-chain): 0x123777fe182d065a7920404d2fbf4db791dbbc1d1c90727b537a07b895803444
Severity: low
Description: In BribeFactory.sol there are 2 functions called addRewards. The first can be called only by the owner, but the second can be called both by the owner and voter. Consider allowing the voter to call the first function or disallowing him from calling the second.
https://github.com/Satsyxbt/Fenix/blob/7b81d318fd9ef6107a528b6bd49bb9383e1b52ab/contracts/bribes/BribeFactoryUpgradeable.sol#L85-L103
Attack Scenario: Describe how the vulnerability can be exploited.