BUG - Access Control 🤦♂️
It seems like a simple mistake, but forgetting to place restrictions on who can call a sensitive function (like withdrawing ether or changing ownership) happens surprisingly often. Even if a modifier is in place, there have been cases where the modifier was not implemented correctly, such as in the example below, where the require statement is missing (the bare comparison is a no-op, so anyone passes the "check"):

// DO NOT USE!
modifier onlyMinter {
    minters[msg.sender] == true;
    _;
}

The code above 👆 is a real example from this audit 👇: code4rena.com/reports/2023-0…

Here is another way access control can go wrong 👇

function claimAirdrop(bytes32[] calldata proof) external {
    bool verified = MerkleProof.verifyCalldata(proof, merkleRoot, keccak256(abi.encode(msg.sender)));
    require(verified, "not verified");
    require(!alreadyClaimed[msg.sender], "already claimed");
    _transfer(msg.sender, AIRDROP_AMOUNT);
}

In this case, "alreadyClaimed" is never set to true, so the claimant can call the function multiple times.

✅ So as smart contract engineers or auditors, you should all be careful when writing smart contracts. Stay with @auditx_eth and learn more to improve your auditing skills.
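The corrected versions of both patterns, as an added example that is not code from the thread or from the audited project: the modifier gets its `require`, and `claimAirdrop` marks the claim before transferring. The contract name, the `owner`/`minters` bookkeeping, the `AIRDROP_AMOUNT` value and the OpenZeppelin `MerkleProof` import are assumptions for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed dependency: OpenZeppelin's MerkleProof library (v4.7+ has verifyCalldata).
import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";

contract FixedAirdrop {
    mapping(address => bool) public minters;
    mapping(address => bool) public alreadyClaimed;
    mapping(address => uint256) public balanceOf;
    bytes32 public immutable merkleRoot;
    uint256 public constant AIRDROP_AMOUNT = 100e18; // assumed value
    address public owner;

    constructor(bytes32 root) {
        merkleRoot = root;
        owner = msg.sender;
    }

    // Fixed: `minters[msg.sender] == true;` on its own evaluates and discards a
    // bool; only `require` turns the comparison into a revert for non-minters.
    modifier onlyMinter() {
        require(minters[msg.sender], "not a minter");
        _;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function setMinter(address who, bool allowed) external onlyOwner {
        minters[who] = allowed;
    }

    function mint(address to, uint256 amount) external onlyMinter {
        balanceOf[to] += amount;
    }

    function claimAirdrop(bytes32[] calldata proof) external {
        bytes32 leaf = keccak256(abi.encode(msg.sender));
        require(MerkleProof.verifyCalldata(proof, merkleRoot, leaf), "not verified");
        require(!alreadyClaimed[msg.sender], "already claimed");
        // Fixed: record the claim (effect) before the transfer (interaction), so a
        // second call, including a reentrant one, hits the require above and reverts.
        alreadyClaimed[msg.sender] = true;
        balanceOf[msg.sender] += AIRDROP_AMOUNT;
    }
}
```

A quick audit check for both bugs: every modifier body should contain a `require`/`revert` or a call to one, and every "claimed"/"used" flag read in a `require` should be written somewhere in the same call path.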
@auditx_eth Access Control is one important BUG. The lesson on it is very important. Thanks for sharing @auditx_eth ™ 🫡
@auditx_eth a very important lesson about the Access Control BUG 🔥 thanks ser @auditx_eth 🫡