FV-SOL-4-C2 Unrestricted Role Assignment

TLDR

If a function that sets an owner or assigns roles is public or lacks access control, anyone can call it and potentially take control of the contract.

Game

Your task is to identify how unauthorized users might exploit this contract to assign themselves privileged access. The assignPrivilege function seems simple, but there’s more to consider in how it’s secured.

// SPDX-License-Identifier: MIT
// Open me in VSCode and really think before opening the hints!
// Add @audit tags wherever suspicious
// Go to the solidity docs to complete missing knowledge of what's happening here
// Solve by drafting a fix!
pragma solidity ^0.8.0;

contract RoleAssignmentGame {
    address public admin;
    mapping(address => bool) public privilegedUsers;

    constructor() {
        admin = msg.sender;
    }

    function assignPrivilege(address user) public {
        privilegedUsers[user] = true;
    }

    function restrictedFunction() public view returns (string memory) {
        require(privilegedUsers[msg.sender], "Access denied");
        return "Privileged access granted!";
    }
}
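
One possible fix, as an added example that is not part of the original page: role assignment is restricted to the admin set in the constructor, and every role change emits an event so it can be monitored off-chain. The contract name `RoleAssignmentGameFixed`, the `onlyAdmin` modifier, `revokePrivilege`, and both events are names assumed for this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hardened variant of RoleAssignmentGame.
// Names not present in the original contract are hypothetical.
contract RoleAssignmentGameFixed {
    address public admin;
    mapping(address => bool) public privilegedUsers;

    // Events give monitoring tools a record of every role change.
    event PrivilegeAssigned(address indexed user, address indexed by);
    event PrivilegeRevoked(address indexed user, address indexed by);

    // Reverts unless the caller is the admin recorded at deployment.
    modifier onlyAdmin() {
        require(msg.sender == admin, "Caller is not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // Original flaw: this function was public with no caller check.
    // Now only the admin can grant the role.
    function assignPrivilege(address user) external onlyAdmin {
        require(user != address(0), "Zero address");
        privilegedUsers[user] = true;
        emit PrivilegeAssigned(user, msg.sender);
    }

    // A grant without a matching revoke leaves no way to remove
    // a compromised or mistaken account.
    function revokePrivilege(address user) external onlyAdmin {
        privilegedUsers[user] = false;
        emit PrivilegeRevoked(user, msg.sender);
    }

    function restrictedFunction() public view returns (string memory) {
        require(privilegedUsers[msg.sender], "Access denied");
        return "Privileged access granted!";
    }
}
```

When auditing, the same check applies to any state-changing function that writes to a role mapping or owner variable: confirm that a caller check guards every write path.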
