WhoAmI?
may be auditor

Security blog

Add new post Feed

Auditors space

Dapp Security list Audit Challenges Team formation

Dapps and protocols

Pre-audit plan Audit Profile

Dev Tools

Dev tools Testing tools

Protocol Marketing

Marketing tips

Misc

Support Log In

AuditProfile, Copywright 2025

info@auditprofile.xyz

Privacy Policy

AuditProfile

Block: 45

Author: Anonymous

AuditProfile

Security blog

Too ownable

#transfer

#access

Hint

It's too easy to give clues.

Answer

Firstly, there is no check on the entered address to. Second, the admin can send money on behalf of another user. Thirdly, with _data admin can do execution of functions in other users' contracts, if any. Well, and the banal absence of payable modifier. In other words, the function will always revert if msg.value > 0.

CTF

Capture the Ether The Ethernaut Damn Vulnerable DeFi CryptoZombies Speedrun Ethereum CipherShastra Mr Steal Yo Crypto Cryptohack DeFi Hack Ether Hack CTF protocol CTF Blockchain Challenges

Awesome Books

Uniswap V2 Book

by RareSkills
Uniswap V3 Book

by Jeiwan
Compound Book

by RareSkills
ZK Book

by RareSkills
Ethereum Book

by Andreas M. Antonopoulos, Gavin Wood
Beigepaper

by Micah Dameron

Useful tools

EVM diff

Compare execution layer differences between chains
EVM storage

Dive deep into the storage of any contract

Регистрация прошла успешно! Спасибо за внимание!

loader