Source: OpenZeppelin Midnight - Compact Contracts Audit
Description
The AccessControl, Ownable, FungibleToken, MultiToken, and NonFungibleToken contracts assume that ownPublicKey identifies the transaction constructor and can therefore be used for authorization checks.
However, ownPublicKey is a witness that can be set arbitrarily. The transaction lifecycle does not require the caller to prove control of the corresponding private key. As a result, these checks do not authenticate the caller. Any user can supply a chosen ownPublicKey value and satisfy logic that is intended to restrict access based on ownership, roles, or token permissions. This breaks the security assumptions of the unshielded library and can allow unauthorized execution of protected operations, including restricted token transfers.
Recommendation
Consider replacing ownPublicKey-based identity checks with an identity derived from a secret witness (for example, a hash of that secret), so that authorization depends on knowledge that cannot be chosen arbitrarily, while preserving the intended persistent identity properties, including linkability across actions.
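The following Python model, added here as an illustration and not taken from the audited Compact contracts or the OpenZeppelin library, shows why a witness-supplied public key does not authenticate the prover and how a hash-of-secret identity closes the gap. Witnesses are modeled as prover-controlled callables (the class names, the witness names `ownPublicKey` and `ownerSecret`, the `persistent_hash` stand-in for a circuit hash, and the sample keys are all constructed assumptions of this example).

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Callable, Dict

# A witness is a function the prover supplies; the circuit cannot verify
# where its return value came from, only what it is.
Witnesses = Dict[str, Callable[[], bytes]]


def persistent_hash(data: bytes) -> bytes:
    """Stand-in for a collision-resistant in-circuit hash (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()


@dataclass
class VulnerableOwnable:
    """Mirrors the flawed pattern: the stored owner is a public key, and the
    check compares it to whatever the ownPublicKey witness returns."""
    owner: bytes  # public on the ledger, so anyone can read and copy it

    def transfer_ownership(self, w: Witnesses, new_owner: bytes) -> bool:
        caller = w["ownPublicKey"]()  # prover picks this value freely
        if caller != self.owner:
            return False
        self.owner = new_owner
        return True


@dataclass
class HardenedOwnable:
    """Recommended pattern: the stored identity is H(secret); the prover must
    supply a secret whose hash matches, which cannot be chosen arbitrarily."""
    owner_id: bytes  # persistent, linkable identity = persistent_hash(secret)

    def transfer_ownership(self, w: Witnesses, new_owner_id: bytes) -> bool:
        secret = w["ownerSecret"]()  # stays private to the prover in a real circuit
        if persistent_hash(secret) != self.owner_id:
            return False
        self.owner_id = new_owner_id
        return True


def demo() -> Dict[str, bool]:
    # Constructed sample identities for the demonstration.
    alice_pk = b"alice-public-key".ljust(32, b"\0")
    mallory_pk = b"mallory-public-key".ljust(32, b"\0")
    alice_secret = secrets.token_bytes(32)
    mallory_secret = secrets.token_bytes(32)

    # 1. Vulnerable contract: Mallory's prover returns Alice's (public) key as
    #    the ownPublicKey witness and the ownership check passes.
    vuln = VulnerableOwnable(owner=alice_pk)
    vulnerable_bypassed = vuln.transfer_ownership(
        {"ownPublicKey": lambda: alice_pk}, mallory_pk
    )

    # 2. Hardened contract: Mallory can choose any secret, but only a preimage
    #    of Alice's owner_id satisfies the check, so the forgery fails.
    hard = HardenedOwnable(owner_id=persistent_hash(alice_secret))
    hardened_forgery_blocked = not hard.transfer_ownership(
        {"ownerSecret": lambda: mallory_secret}, persistent_hash(mallory_secret)
    )

    # 3. The legitimate owner, who knows alice_secret, still succeeds, and the
    #    same secret yields the same owner_id every time (linkability preserved).
    hardened_owner_ok = hard.transfer_ownership(
        {"ownerSecret": lambda: alice_secret}, persistent_hash(mallory_secret)
    )
    linkable = persistent_hash(alice_secret) == persistent_hash(alice_secret)

    return {
        "vulnerable_bypassed": vulnerable_bypassed,
        "hardened_forgery_blocked": hardened_forgery_blocked,
        "hardened_owner_ok": hardened_owner_ok,
        "linkable": linkable,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The model deliberately keeps the secret out of the ledger state: only its hash is stored, so the identity remains stable and linkable across actions while the authorization step depends on knowledge that a third party cannot supply.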