Implement role-based access control to manage permissions and ensure that only authorized users can access specific functions. This includes validating identities, applying the least privilege principle, and ensuring appropriate access controls are in place.
Validate that unexpected addresses do not result in unintended behaviors, particularly when these addresses refer to contracts within the same protocol.
✓
✓
S4.1.B2
Verify that functions like ecrecover handle all potential null addresses properly to avoid vulnerabilities arising from unexpected ecrecover outputs.
Use msg.sender (not tx.origin) for authorization to avoid phishing via malicious intermediary contracts. Optionally, require(tx.origin == msg.sender) restricts callers to EOAs only — use only when EOA-only access is explicitly required.
✓
✓
S4.1.C2
Certain addresses might be blocked or restricted from receiving tokens (e.g., LUSD). Ensure that address restrictions are properly managed and verified.
✓
✓
S4.1.C3
Ensure that Guard’s hooks (e.g., checkTransaction(), checkAfterExecution()) are executed to enforce critical security checks.
✓
✓
S4.1.C4
Ensure that access controls are implemented correctly to determine who can use certain functions, and avoid unauthorized changes or withdrawals.
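
The ecrecover null-address requirement and the msg.sender authorization requirement above, shown together as an added Solidity example that is not part of the original checklist. The contract name, function names and the trustedSigner variable are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; every name in this contract is hypothetical.
contract SignerGatedVault {
    address public owner;         // authorised by msg.sender
    address public trustedSigner; // address(0) until the owner sets it

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        // msg.sender is the immediate caller. A tx.origin check would also
        // pass when the owner is lured into calling an intermediary contract
        // that forwards the call here.
        require(msg.sender == owner, "not owner");
        _;
    }

    function setTrustedSigner(address signer) external onlyOwner {
        require(signer != address(0), "zero signer");
        trustedSigner = signer;
    }

    // Weak form: ecrecover returns address(0) for an invalid signature, so
    // while trustedSigner is still unset this comparison is true for garbage.
    function isApprovedUnchecked(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        public view returns (bool)
    {
        return ecrecover(digest, v, r, s) == trustedSigner;
    }

    // Hardened form: reject the null address before comparing.
    function isApproved(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        public view returns (bool)
    {
        address recovered = ecrecover(digest, v, r, s);
        if (recovered == address(0)) {
            return false;
        }
        return recovered == trustedSigner;
    }
}
```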