Lack of authority control

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0x87fb9b664d6e11ea8bc56c5e17a9335f45d2fc5b6b3f8a9faeb3459010d17e29 Severity: high

Description: Description

Anyone can call the setOwners function of the Attacker contract by changing its storage

Attack Scenario

Anyone can overwrite the variable owners

Attachments

• https://github.com/keyper-labs/PalmeraModule/blob/dfd821e2fd7825c66c079c19be9460238f6e045a/src/ReentrancyAttack.sol#L72-L78

function setOwners(address[] memory _owners) public {

it is advisable to use the onlyOwner modifier of the contract Ownable2Step.sol in this function

[0xRizwan]

Non-issue, ReentrancyAttack.sol is used only for simulation/testing.

[alfredolopez80]

Non-issue, ReentrancyAttack.sol is used only for simulation/testing.

i agree @0xRizwan is invalid!!