Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | High |
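Description
The `_transfer()` function in your ERC20 contract is declared `public` or `external`, so anyone can call it directly. In standard ERC20 implementations `_transfer()` is an internal helper reached only through `transfer()` and `transferFrom()`, which establish that the caller owns the tokens or holds an allowance for them. Exposing it bypasses those intended access controls and opens the internal transfer logic to arbitrary external calls.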
Impact
Attackers could transfer tokens between accounts without proper authorization, potentially draining user balances or manipulating funds. This can lead to loss of assets, contract compromise, and severe trust issues for the token ecosystem.