UnrestrictedWrite for certain Authorization Patterns

Question

UnrestrictedWrite for certain Authorization Patterns

ritzdorf opened this issue 6 years ago · 0 comments

Certain authorization patterns, do not use a direct

require(msg.sender == owner);

and instead perform a mapping-based authorization lookup that leads to the branch condition.
An example is provided below. This currently leads to violations for UnrestrictedWrite.

contract AuthTest {
    mapping(address => bool) isAuthorized;
    uint internal secret;

    constructor() public {
        isAuthorized[msg.sender] = true;
    }

    function setAuthorization(address a, bool v)
        public
        auth
    {
        isAuthorized[a] = v;
    }

    modifier auth {
        require(isAuthorized[msg.sender]);
        _;
    }

    function sensitiveFunc(uint x) public auth returns (bool) {
        secret = x;
    }
}