Access Control Vulnerability in Coinlancer (CL) Smart Contract Implementation

Access Control Vulnerability in Coinlancer (CL) Smart Contract Implementation

CVE-2018-17111 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.

Learn more about our User Device Pen Test.