Restrict Access to setWitness Function in MockTEERollup Contract

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xd169ee8dac441035a8113d7482ae5e401b3c2d365d0711620f607e34bd1e4d8d Severity: low

Description: Description\ The MockTEERollup contract currently allows any user to call the setWitness function, which sets the public keys of witnesses. This poses a security risk as unauthorized users can modify the list of witnesses, potentially compromising the integrity of the contract's operations.

Attack Scenario\ Describe how the vulnerability can be exploited.

Attachments

1. Proof of Concept (PoC) File

   current implementation,here anyone can call this function and manipulate the keys

   function setWitness(bytes[] calldata publicKeys) public {
   TEERollup.WitnessActivation[] memory _witness = new TEERollup.WitnessActivation[](publicKeys.length);
   for (uint i = 0; i < _witness.length; i++) {
       _witness[i].publicKey = publicKeys[i];
       _witness[i].isActive = true;
   }
   
   _setWitnessPublicKeys(_witness);
   }

2. Revised Code File (Optional)

3. Import Ownable: Import the Ownable contract from OpenZeppelin.

4. Inherit Ownable: Make MockTEERollup inherit from Ownable.

5. Add onlyOwner Modifier: Use the onlyOwner modifier on the setWitness and setMinWitness functions to restrict access to the contract owner. This ensures that only the owner of the contract can call the setWitness and setMinWitness functions.

[rotcivegaf]

It's a mock