The function burn is external, which everyone can call.
Summary
The function burn is external, which means everyone can call the function, but this is not desired. In the function burn it says "// this low-level function should be called from a contract which performs important safety checks", but this can still be called regardless of the safety checks. An attacker does not have to go through the safety checks; he can just call it directly.
Vulnerability Detail
Access controls
Impact
Everyone can call the function, allowing everyone to burn all the liquidity.
kolos3
high
Code Snippet
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaPair.sol#L183C1-L208C1
Tool used
VsCode, Manual Review
Recommendation
Make the function private.
Duplicate of #95