Property
Language: solidity
Severity: high
CWE: CWE-284: Improper Access Control
Confidence Level: Low
Impact Level: High
Likelihood Level: High

Description

The burn function allows any user to burn (destroy) tokens from any account, rather than restricting this action to the token owner. This means someone could burn tokens belonging to other users without their permission.

Impact

If exploited, an attacker could destroy tokens from any user’s account, causing loss of funds, disrupting user balances, and potentially undermining trust in the token contract. This could result in significant financial damage and reputational loss for the project.