跳到主要内容

Access Control Vulnerability

Access Control 意味着-谁被允许执行特定的指责，访问控制用于概述智能合约中用户角色和权限的控制。

Why we need Access Control

It helps protect critical functions from unauthorized access.
It helps in creating different levels of authorization.
It helps in Whitelisting and blacklisting users.
Granting and Revoking Roles

Simple Example

Example from Wtf

// 错误的mint函数，没有限制权限
function badMint(address to, uint amount) public {
    _mint(to, amount);
}

// 错误的burn函数，没有限制权限
function badBurn(address account, uint amount) public {
    _burn(account, amount);
}

Best Practice

openzeppelin

Openzeppelin中的Access control Libraries非常的好用

Refer

https://quillaudits.medium.com/access-control-vulnerability-in-defi-quillaudits-909e7ed4582c

openzeppelin

0%