Title: Access Control Vulnerability in createEdge Function Allows Unauthorized Edge Creation
Summary
The createEdge function lacks access control, allowing any address to call it and create edges. However, related functions such as createEdges have access control implemented through the onlyRolesOrOwner(ADMIN_ROLE) modifier.
Vulnerability Detail
The vulnerability lies in the createEdge function, where there is no access control check. This means any external address can call the function and create edges in the graph without restriction.
Impact
The lack of access control in the createEdge function can lead to unauthorized creation of edges by any address, potentially disrupting the integrity of the graph data.
Implement access control in the createEdge function to ensure that only authorized entities can create edges. This could involve applying the same access control mechanism (onlyRolesOrOwner(ADMIN_ROLE)) used in the createEdges function.
recursiveEth
medium
Title: Access Control Vulnerability in createEdge Function Allows Unauthorized Edge Creation
Summary
The createEdge function lacks access control, allowing any address to call it and create edges. However, related functions such as createEdges have access control implemented through the onlyRolesOrOwner(ADMIN_ROLE) modifier.
Vulnerability Detail
The vulnerability lies in the createEdge function, where there is no access control check. This means any external address can call the function and create edges in the graph without restriction.
Impact
The lack of access control in the createEdge function can lead to unauthorized creation of edges by any address, potentially disrupting the integrity of the graph data.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L64
Tool used
Manual Review
Recommendation
Implement access control in the createEdge function to ensure that only authorized entities can create edges. This could involve applying the same access control mechanism (onlyRolesOrOwner(ADMIN_ROLE)) used in the createEdges function.