Skip to content

Security Fix: Add access control to set_risk_tier function#63

Closed
omolobamoyinoluwa-max wants to merge 1 commit into
mericcintosun:mainfrom
omolobamoyinoluwa-max:security-fix-set-risk-tier-access-control
Closed

Security Fix: Add access control to set_risk_tier function#63
omolobamoyinoluwa-max wants to merge 1 commit into
mericcintosun:mainfrom
omolobamoyinoluwa-max:security-fix-set-risk-tier-access-control

Conversation

@omolobamoyinoluwa-max

Copy link
Copy Markdown
  • Add initialize(admin) function to set trusted admin address once
  • Add get_admin() function to retrieve current admin
  • Modify set_risk_tier to require caller to be admin OR the user themselves
  • Add comprehensive unit tests for all authorization paths
  • Fix security vulnerability where any address could overwrite any user's risk score

This addresses the security issue that blocked mainnet deployment and ensures downstream protocols can trust the on-chain credit score.

Closes #50

- Add initialize(admin) function to set trusted admin address once
- Add get_admin() function to retrieve current admin
- Modify set_risk_tier to require caller to be admin OR the user themselves
- Add comprehensive unit tests for all authorization paths
- Fix security vulnerability where any address could overwrite any user's risk score

This addresses the security issue that blocked mainnet deployment and ensures
downstream protocols can trust the on-chain credit score.
@vercel

vercel Bot commented Apr 27, 2026

Copy link
Copy Markdown

@omolobamoyinoluwa-max is attempting to deploy a commit to the mericcintosun Team on Vercel.

A member of the Team first needs to authorize it.

@mericcintosun

Copy link
Copy Markdown
Owner

Thanks a lot for the contribution! 🙏

Closing this because the branch commits build artifacts (files under risk_score/target/** and/or **/node_modules/**) — that adds tens of thousands of generated files to the repository, which we can't merge.\n\nThe underlying change may well be valuable. Please feel free to resubmit a clean branch that:\n- adds risk_score/target/ and node_modules/ to .gitignore\n- contains only the source changes (no generated/build files, no full lockfile rewrites)\n\nAppreciate the effort!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Security] set_risk_tier has no access control — any address can overwrite any user's score

2 participants