smartbugs-curated/dataset/access_control/FibonacciBalance.sol

/*
 * @source: https://github.com/sigp/solidity-security-blog
 * @author: Suhabe Bugrara
 * @vulnerable_at_lines: 31,38
 */

//added pragma version
pragma solidity ^0.4.0;

contract FibonacciBalance {

    address public fibonacciLibrary;
    // the current fibonacci number to withdraw
    uint public calculatedFibNumber;
    // the starting fibonacci sequence number
    uint public start = 3;
    uint public withdrawalCounter;
    // the fibonancci function selector
    bytes4 constant fibSig = bytes4(sha3("setFibonacci(uint256)"));

    // constructor - loads the contract with ether
    constructor(address _fibonacciLibrary) public payable {
        fibonacciLibrary = _fibonacciLibrary;
    }

    function withdraw() {
        withdrawalCounter += 1;
        // calculate the fibonacci number for the current withdrawal user
        // this sets calculatedFibNumber
        // <yes> <report> ACCESS_CONTROL
        require(fibonacciLibrary.delegatecall(fibSig, withdrawalCounter));
        msg.sender.transfer(calculatedFibNumber * 1 ether);
    }

    // allow users to call fibonacci library functions
    function() public {
        // <yes> <report> ACCESS_CONTROL
        require(fibonacciLibrary.delegatecall(msg.data));
    }
}

// library contract - calculates fibonacci-like numbers;
contract FibonacciLib {
    // initializing the standard fibonacci sequence;
    uint public start;
    uint public calculatedFibNumber;

    // modify the zeroth number in the sequence
    function setStart(uint _start) public {
        start = _start;
    }

    function setFibonacci(uint n) public {
        calculatedFibNumber = fibonacci(n);
    }

    function fibonacci(uint n) internal returns (uint) {
        if (n == 0) return start;
        else if (n == 1) return start + 1;
        else return fibonacci(n - 1) + fibonacci(n - 2);
    }
}
Add SB Curated (copied from the smartbugs repository). 2022-11-23 10:07:09 +01:00			`/*`
			`* @source: https://github.com/sigp/solidity-security-blog`
			`* @author: Suhabe Bugrara`
			`* @vulnerable_at_lines: 31,38`
			`*/`

			`//added pragma version`
			`pragma solidity ^0.4.0;`

			`contract FibonacciBalance {`

			`address public fibonacciLibrary;`
			`// the current fibonacci number to withdraw`
			`uint public calculatedFibNumber;`
			`// the starting fibonacci sequence number`
			`uint public start = 3;`
			`uint public withdrawalCounter;`
			`// the fibonancci function selector`
			`bytes4 constant fibSig = bytes4(sha3("setFibonacci(uint256)"));`

			`// constructor - loads the contract with ether`
			`constructor(address _fibonacciLibrary) public payable {`
			`fibonacciLibrary = _fibonacciLibrary;`
			`}`

			`function withdraw() {`
			`withdrawalCounter += 1;`
			`// calculate the fibonacci number for the current withdrawal user`
			`// this sets calculatedFibNumber`
			`// <yes> <report> ACCESS_CONTROL`
			`require(fibonacciLibrary.delegatecall(fibSig, withdrawalCounter));`
			`msg.sender.transfer(calculatedFibNumber * 1 ether);`
			`}`

			`// allow users to call fibonacci library functions`
			`function() public {`
			`// <yes> <report> ACCESS_CONTROL`
			`require(fibonacciLibrary.delegatecall(msg.data));`
			`}`
			`}`

			`// library contract - calculates fibonacci-like numbers;`
			`contract FibonacciLib {`
			`// initializing the standard fibonacci sequence;`
			`uint public start;`
			`uint public calculatedFibNumber;`

			`// modify the zeroth number in the sequence`
			`function setStart(uint _start) public {`
			`start = _start;`
			`}`

			`function setFibonacci(uint n) public {`
			`calculatedFibNumber = fibonacci(n);`
			`}`

			`function fibonacci(uint n) internal returns (uint) {`
			`if (n == 0) return start;`
			`else if (n == 1) return start + 1;`
			`else return fibonacci(n - 1) + fibonacci(n - 2);`
			`}`
			`}`