Access Control
Who is allowed to invoke a privileged action.
The mechanism restricting sensitive functions to authorized callers. Failures — missing modifiers, unprotected initializers, broken guards — let attackers perform privileged actions.
Related cases
- EIP-7702 Flashloan-Protection Bypass Case Research: When tx.origin == msg.sender Stopped Meaning EOADeFi Exploits
- KiloEx $7.5M Case Research: A Trusted Forwarder That Let Anyone Become the Price KeeperDeFi Exploits
- Cork $12M Case Research: HIYA Price Skew Meets an Unauthenticated Uniswap v4 HookDeFi Exploits
- UPCX $70M Case Research: When a ProxyAdmin Key Became the ProtocolOperational Security
- ZKsync $5M Case Research: Airdrop Admin Compromise and the sweepUnclaimed MintOperational Security
Related attack patterns
Related tools
