Improper Input Validation
| Property | |
|---|---|
| Language | solidity |
| Severity |  |
| CWE | CWE-20: Improper Input Validation |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | High |
Description#
The code allows external users to specify both the address and data for a low-level call() function, enabling them to trigger arbitrary external contract calls without validation. This exposes the contract to external control over its behavior.
Impact#
An attacker could exploit this to execute malicious code, drain funds, or manipulate contract logic by making unauthorized calls to any contract. This can lead to loss of assets, theft, or complete compromise of the contract and its users.