RigoBlock Dragos through 2022-02-17 lacks the onlyOwner...
High severity
Unreviewed
Published
Feb 19, 2022
to the GitHub Advisory Database
•
Updated Aug 17, 2023
Description
Published by the National Vulnerability Database
Feb 18, 2022
Published to the GitHub Advisory Database
Feb 19, 2022
Last updated
Aug 17, 2023
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs.
References