Omniscia LOC Game Audit

LOCOZExtension Manual Review Findings

LOO-01M: Weak Access Control

Description:

The access control imposed on setBaseURI is weak: any minter is able to adjust _uri, the base from which every token's metadata URI is derived. Because wallets, marketplaces and other front ends fetch and render whatever that URI points to, a minter can redirect the metadata to attacker-controlled content and use it for web-based attacks such as XSS against those front ends, which makes _uri a sensitive variable that should not be writable by the minting role.

Example:

contracts/LOCOZExtension.sol
function setBaseURI(string memory uri) public onlyMinter {
    _uri = uri;
    emit BaseURISet(uri);
}

Recommendation:

We advise the setBaseURI function to instead be invocable only by the administrator of the AccessControl contract, i.e. holders of the DEFAULT_ADMIN_ROLE, rather than by any account holding the minter role.

Alleviation:

The setBaseURI function now properly ensures that only the DEFAULT_ADMIN_ROLE can invoke it by enforcing the onlyRole(DEFAULT_ADMIN_ROLE) modifier in place of onlyMinter.
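The following contract is an added illustration of the finding and its remediation side by side; it is not the audited LOCOZExtension source. It assumes OpenZeppelin's AccessControl and ERC721 (import paths as shown), a MINTER_ROLE constant named here for the example, and that the original onlyMinter modifier is equivalent to onlyRole(MINTER_ROLE). The weak variant is kept only for contrast and would not be shipped.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not project code). Assumes OpenZeppelin contracts are available
// at the import paths below; MINTER_ROLE is an assumed name for the minting role.
import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

contract BaseURIExample is ERC721, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    // Base of every tokenURI; the value wallets and marketplaces will fetch from.
    string private _uri;

    event BaseURISet(string uri);

    constructor() ERC721("Example", "EX") {
        // Deployer becomes the AccessControl administrator; minters are granted separately.
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    // Minting is legitimately a MINTER_ROLE capability.
    function mint(address to, uint256 tokenId) external onlyRole(MINTER_ROLE) {
        _safeMint(to, tokenId);
    }

    // WEAK (mirrors the finding): any MINTER_ROLE holder can redirect all token
    // metadata to a host they control. Shown only for contrast.
    function setBaseURIWeak(string memory uri) external onlyRole(MINTER_ROLE) {
        _uri = uri;
        emit BaseURISet(uri);
    }

    // HARDENED (mirrors the alleviation): only the AccessControl administrator
    // may change the metadata base. A minter without DEFAULT_ADMIN_ROLE reverts here.
    function setBaseURI(string memory uri) external onlyRole(DEFAULT_ADMIN_ROLE) {
        _uri = uri;
        emit BaseURISet(uri);
    }

    // ERC721 builds tokenURI(tokenId) from this base.
    function _baseURI() internal view override returns (string memory) {
        return _uri;
    }

    // Both parents declare supportsInterface, so Solidity requires an explicit override.
    function supportsInterface(bytes4 interfaceId)
        public
        view
        override(ERC721, AccessControl)
        returns (bool)
    {
        return super.supportsInterface(interfaceId);
    }
}
```

When verifying a fix of this kind, check the role wiring as well as the modifier: confirm with hasRole(DEFAULT_ADMIN_ROLE, minter) that no minter account also holds the admin role, and that getRoleAdmin(MINTER_ROLE) is DEFAULT_ADMIN_ROLE, otherwise a minter can still reach setBaseURI indirectly by granting itself the admin role.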