Skip to main content

Access Control Vulnerability

Access Control 意味着-谁被允许执行特定的指责,访问控制用于概述智能合约中用户角色和权限的控制。

Why we need Access Control

  • It helps protect critical functions from unauthorized access.
  • It helps in creating different levels of authorization.
  • It helps in Whitelisting and blacklisting users.
  • Granting and Revoking Roles

Simple Example

Example from Wtf

// 错误的mint函数,没有限制权限
function badMint(address to, uint amount) public {
_mint(to, amount);
}
// 错误的burn函数,没有限制权限
function badBurn(address account, uint amount) public {
_burn(account, amount);
}

Best Practice

openzeppelin

Openzeppelin中的Access control Libraries非常的好用

Refer

https://quillaudits.medium.com/access-control-vulnerability-in-defi-quillaudits-909e7ed4582c