Inadequate access control for setMarketRate function

Summary

The setMarketRate function can be called by any address, which could allow unauthorized users to modify the interest rate of a market.

Vulnerability Detail

The setMarketRate function is missing access control checks, allowing any user to call the function and modify the interest rate of a market. This could lead to potential financial loss for borrowers and lenders if the market rate is manipulated by unauthorized parties.

Impact

This vulnerability could result in financial loss for borrowers and lenders if the market rate is manipulated by unauthorized parties.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L272

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L303

Tool used

Manual Review

Recommendation

Implement access control checks to ensure that only authorized users can call the setMarketRate function:

function setMarketRate(uint256 marketId, uint256 newRate) external onlyOwner {
    ...
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

029.md

029.md

Inadequate access control for setMarketRate function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

029.md

Latest commit

History

029.md

File metadata and controls

Inadequate access control for setMarketRate function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation