semaphore icon indicating copy to clipboard operation
semaphore copied to clipboard
verified publisher icon semaphore-protocol

missing admin access check

Open 0xDatapunk opened this issue 1 year ago • 0 comments

the _addMember function is missing onlyGroupAdmin(groupId) check, Without it anyone can add to the group.

https://github.com/semaphore-protocol/semaphore/blob/8eb19e83fda62644872b2fcfbd85011d3b2c21e2/packages/contracts/contracts/base/SemaphoreGroups.sol#L83

0xDatapunk avatar Mar 11 '24 17:03 0xDatapunk