Closed 0xDatapunk closed 6 months ago
the _addMember function is missing onlyGroupAdmin(groupId) check, Without it anyone can add to the group.
onlyGroupAdmin(groupId)
https://github.com/semaphore-protocol/semaphore/blob/8eb19e83fda62644872b2fcfbd85011d3b2c21e2/packages/contracts/contracts/base/SemaphoreGroups.sol#L83
Assigned to @zkfriendly
cedoor
commented
6 months ago cedoor
commented
6 months ago
the _addMember function is missing
onlyGroupAdmin(groupId)check, Without it anyone can add to the group.https://github.com/semaphore-protocol/semaphore/blob/8eb19e83fda62644872b2fcfbd85011d3b2c21e2/packages/contracts/contracts/base/SemaphoreGroups.sol#L83