XO-The onlyCollateral modifier does not check to see if the controller().collateral() function returns a valid address.
Summary
The onlyCollateral modifier does not check to see if the controller().collateral() function returns a valid address. This means that an attacker can call the onlyCollateral modifier with a contract address that is not the collateral contract.
There is a vulnerability in the controller() function, the problem is in the the onlyCollateral modifier, it does not check to see if the controller().collateral() function returns a valid address. This means that an attacker could call the onlyCollateral modifier with a contract address that is not the collateral contract, and the modifier would not do anything. This could allow an attacker to bypass the modifier and call the function that is protected by the modifier.
Impact
An attacker can bypass the modifier and call the function that is protected by the modifier and this lead to steal funds from the contract.
XDZIBEC
medium
XO-The
onlyCollateralmodifier does not check to see if thecontroller().collateral()function returns a valid address.Summary
The
onlyCollateralmodifier does not check to see if thecontroller().collateral()function returns a valid address. This means that an attacker can call theonlyCollateralmodifier with a contract address that is not the collateral contract.Vulnerability Detail
controller()function, the problem is in the theonlyCollateralmodifier, it does not check to see if thecontroller().collateral()function returns a valid address. This means that an attacker could call theonlyCollateralmodifier with a contract address that is not thecollateralcontract, and the modifier would not do anything. This could allow an attacker to bypass the modifier and call the function that is protected by the modifier.Impact
Code Snippet
Tool used
Manual Review
Recommendation
require(controller().collateral() != address(0));to theonlyCollateralmodifier.