Skip to content

Latest commit

 

History

History
12 lines (8 loc) · 671 Bytes

48.md

File metadata and controls

12 lines (8 loc) · 671 Bytes

Unprotected Ether Withdrawal

Description

Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account.

This bug is sometimes caused by unintentionally exposing initialization functions. By wrongly naming a function intended to be a constructor, the constructor code ends up in the runtime byte code and can be called by anyone to re-initialize the contract.

Remediation

Implement controls so withdrawals can only be triggered by authorized parties or according to the specs of the smart contract system.

References:

https://swcregistry.io/docs/SWC-105