SanketKogekar - The functions `forceCancelQuote`, `forceCancelCloseRequest`, `forceClosePosition` has the missing modifier `onlyPartyAOfQuote` which makes it callable by anyone. #306
The functions forceCancelQuote, forceCancelCloseRequest, forceClosePosition has the missing modifier onlyPartyAOfQuote which makes it callable by anyone.
Summary
The three functions forceCancelQuote, forceCancelCloseRequest, forceClosePosition from PartyAFacet.sol has the missing modifier onlyPartyAOfQuote which makes it callable by anyone.
Vulnerability Detail
The modifier onlyPartyAOfQuote is meant to be used on functions : forceCancelQuote, forceCancelCloseRequest & forceClosePosition and failing to do so can allow any user to make actions on PartyA's behalf.
Impact
Since the modifier is missing, anyone can call the functions forceCancelQuote, forceCancelCloseRequest & forceClosePosition and make actions for PartyA on user's behalf.
SanketKogekar
medium
The functions
forceCancelQuote,forceCancelCloseRequest,forceClosePositionhas the missing modifieronlyPartyAOfQuotewhich makes it callable by anyone.Summary
The three functions
forceCancelQuote,forceCancelCloseRequest,forceClosePositionfromPartyAFacet.solhas the missing modifieronlyPartyAOfQuotewhich makes it callable by anyone.Vulnerability Detail
The modifier
onlyPartyAOfQuoteis meant to be used on functions :forceCancelQuote,forceCancelCloseRequest&forceClosePositionand failing to do so can allow any user to make actions on PartyA's behalf.Impact
Since the modifier is missing, anyone can call the functions forceCancelQuote, forceCancelCloseRequest & forceClosePosition and make actions for PartyA on user's behalf.
Code Snippet
https://github.com/sherlock-audit/2023-06-symmetrical/blob/6d2b64b6732fcfbd07c8217897dd233dbb6cd1f5/symmio-core/contracts/facets/PartyA/PartyAFacet.sol#L134-L169
Tool used
Manual Review
Recommendation
Add the modifier
onlyPartyAOfQuoteto all three functions.