Closed sherlock-admin2 closed 1 month ago
1 comment(s) were left on this issue during the judging contest.
infect3d commented:
this is false: ""The sponsor function is intended to be called only by the Vault contract""
Invalid, permissions to delegate is gated to caller msg.sender
newt
medium
Lack of Access Control on
sponsor
FunctionSummary
The sponsor function is intended to be called only by the Vault contract, but it lacks access control, allowing any address to call it. This can lead to unauthorized entities calling the function,
Vulnerability Detail
The contract owner or the designated controller (Vault) loses control over who can perform sponsorship delegations.
Impact
This could lead to hackers exploiting the function manipulating the sponsorship
Code Snippet
function sponsor(address _from) external { _delegate(msg.sender, _from, SPONSORSHIP_ADDRESS); }
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-twab-controller/src/TwabController.sol#L533-L535
Tool used
Manual Review
Recommendation
implement access control to ensure that only the Vault contract can call the
sponsor
function