Improper Input Validation
| Property | |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-20: Improper Input Validation |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
The contract decodes user-supplied context (ctx) without validating its authenticity, allowing attackers to craft calldata that impersonates other accounts. This missing input validation exposes the contract to unauthorized actions.
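The pattern described above, next to a hardened form, as an added example that is not taken from the rule or from any audited project. The `Ledger` contract, the `IContextIssuer` interface, its `isCtxValid` function, and the `(from, to, amount)` layout of `ctx` are hypothetical names and assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical trusted component that builds contexts and can confirm
// whether a given byte string is one it actually issued.
interface IContextIssuer {
    function isCtxValid(bytes calldata ctx) external view returns (bool);
}

contract Ledger {
    IContextIssuer public immutable issuer; // assumed trusted, fixed at deploy
    mapping(address => uint256) public balances;

    constructor(IContextIssuer _issuer) {
        issuer = _issuer;
    }

    // Funds the caller's own entry so the ledger has state to protect.
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // VULNERABLE: `from` comes straight out of caller-controlled bytes.
    // Nothing ties the decoded account to msg.sender or to the issuer.
    function moveUnchecked(bytes calldata ctx) external {
        (address from, address to, uint256 amount) =
            abi.decode(ctx, (address, address, uint256));
        _move(from, to, amount);
    }

    // HARDENED: accept ctx only from the issuer, and only if the issuer
    // confirms these exact bytes, before any field is decoded and used.
    function moveChecked(bytes calldata ctx) external {
        require(msg.sender == address(issuer), "caller is not the issuer");
        require(issuer.isCtxValid(ctx), "ctx was not issued by the issuer");
        (address from, address to, uint256 amount) =
            abi.decode(ctx, (address, address, uint256));
        _move(from, to, amount);
    }

    function _move(address from, address to, uint256 amount) private {
        balances[from] -= amount; // reverts on underflow in 0.8+
        balances[to] += amount;
    }
}
```

When the acting account can be taken from `msg.sender` directly, doing so removes the need to trust decoded bytes at all.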
Impact
If exploited, attackers can perform actions as if they were other users, potentially leading to theft of funds, unauthorized token transfers, or manipulation of contract state. This can result in severe financial and reputational damage to both users and the organization.