Improper Access Control
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
The setMultipleAllowances() function lacks an onlyOwner modifier, meaning anyone—not just the contract owner—can call it. This allows unauthorized users to change allowances without proper permission checks.
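The missing check next to its corrected form, as an added example that is not code from the original page or from the audited contract. The contract names, the `allowances` mapping, the parameter list, the `NotOwner` error and the `AllowanceSet` event are assumptions; the page only names `setMultipleAllowances()` and `onlyOwner`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: names, storage layout and signature are assumptions;
// the page only names setMultipleAllowances() and onlyOwner.
contract AllowanceRegistryVulnerable {
    address public owner;
    mapping(address => uint256) public allowances;

    constructor() { owner = msg.sender; }

    // Missing access check: any caller can rewrite any account's allowance.
    function setMultipleAllowances(address[] calldata accounts, uint256[] calldata amounts) external {
        require(accounts.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < accounts.length; i++) {
            allowances[accounts[i]] = amounts[i];
        }
    }
}

contract AllowanceRegistryFixed {
    address public immutable owner;
    mapping(address => uint256) public allowances;

    error NotOwner(address caller);
    event AllowanceSet(address indexed account, uint256 amount);

    constructor() { owner = msg.sender; }

    // Reverts unless the caller is the deployer recorded in `owner`.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    // Same body, now gated; the event gives monitoring a record of each change.
    function setMultipleAllowances(address[] calldata accounts, uint256[] calldata amounts)
        external
        onlyOwner
    {
        require(accounts.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < accounts.length; i++) {
            allowances[accounts[i]] = amounts[i];
            emit AllowanceSet(accounts[i], amounts[i]);
        }
    }
}
```

A regression test for the fixed contract should call `setMultipleAllowances()` from a non-owner account and assert that the call reverts with `NotOwner`.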
Impact
If exploited, an attacker could grant themselves or others unauthorized allowances, potentially gaining control over funds or resources managed by the contract. This can lead to loss of assets, unauthorized transactions, and full compromise of the contract’s integrity.