FV-SOL-4 Bad Access Control
TLDR
Improper access control can let unauthorized users access or modify restricted functionality
Code
Classifications
Usig tx.origin for authorization (FV-SOL-4-C1)
tx.origin
is a global variable in Solidity that returns the original external account (EOA) that initiated the transaction, even if there are intermediate contracts involved. It’s often tempting to use tx.origin
for access control, thinking it securely identifies the initiator of the transaction. However, it introduces serious security risks due to its susceptibility to phishing attacks through intermediary contracts
Unrestricted Role Assignment (FV-SOL-4-C2)
If a function to set an owner or assign roles is public or lacks access control, anyone can call it, potentially taking control of the contract
Lack of Multi-Signature for Crucial Operations (FV-SOL-4-C3)
if a critical function (like transferring large funds or changing important contract settings) is controlled by a single address (usually the contract owner), it creates a single point of failure
Mitigation Patterns
Ownership Pattern (FV-SOL-4-M1)
The ownership pattern restricts critical functions to the contract owner, usually set during contract deployment. This is commonly achieved with an onlyOwner
modifier
Proper RBAC (FV-SOL-4-M2)
Role-Based Access Control allows defining multiple roles, each with specific permissions. For example, roles like Admin
, Minter
, or Pauser
can be created, allowing more granular control
Multi-Signature Approval (FV-SOL-4-M3)
Multi-sig patterns require multiple accounts to approve a critical action before it can be executed. This reduces the risk of unauthorized actions due to a compromised account
Actual Occurrences
Content
Last updated