Missing Access Control in withdrawManagerBalance Function
Summary
The withdrawManagerBalance function is intended to allow either the metaVault or the manager to withdraw manager fees. However, the function currently lacks an access control modifier, making it accessible to any external caller. This can lead to unauthorized withdrawals of manager fees, posing a significant security risk.
Vulnerability Detail
The withdrawManagerBalance function does not have any access control mechanism in place, which means that any user can call this function. As a result, unauthorized entities can withdraw manager fees, compromising the security and integrity of the contract.
Impact
The lack of access control on the withdrawManagerBalance function allows any external caller to withdraw manager fees, leading to potential financial loss and unauthorized access to funds. This could severely impact the contract's users and stakeholders, eroding trust and potentially causing significant financial damage.
To resolve this issue, implement an access control modifier to ensure that only authorized entities (either the metaVault or the manager) can call the withdrawManagerBalance function. This can be done by adding a new modifier and applying it to the function. Use onlyManager
NoOne
high
Missing Access Control in withdrawManagerBalance Function
Summary
The
withdrawManagerBalancefunction is intended to allow either themetaVaultor themanagerto withdraw manager fees. However, the function currently lacks an access control modifier, making it accessible to any external caller. This can lead to unauthorized withdrawals of manager fees, posing a significant security risk.Vulnerability Detail
The
withdrawManagerBalancefunction does not have any access control mechanism in place, which means that any user can call this function. As a result, unauthorized entities can withdraw manager fees, compromising the security and integrity of the contract.Impact
The lack of access control on the
withdrawManagerBalancefunction allows any external caller to withdraw manager fees, leading to potential financial loss and unauthorized access to funds. This could severely impact the contract's users and stakeholders, eroding trust and potentially causing significant financial damage.Code Snippet
function withdrawManagerBalance
Tool used
Manual Review
Recommendation
To resolve this issue, implement an access control modifier to ensure that only authorized entities (either the metaVault or the manager) can call the
withdrawManagerBalancefunction. This can be done by adding a new modifier and applying it to the function. UseonlyManager