Chainvet
Detectors

Access Control

18 detectors (AC-01…AC-18) for authorization, ownership, and privileged-operation flaws.

Access-control detectors (AC) catch missing or bypassable authorization: who can call a privileged function, move tokens, send ether, or destroy the contract. This is the largest category — 18 detectors.

IDSlugSeverityConfidenceWhat it detects
AC-01arbitrary-transfer-fromHighMediumtransferFrom() called with an attacker-controllable from — anyone can move a victim's approved tokens.
AC-02arbitrary-calldataHighMediumA low-level call whose target address comes from a function parameter — the attacker picks the callee.
AC-03caller-not-checkedMediumMediumAn extcodesize caller check that can be bypassed (e.g. when called from a constructor).
AC-04contract-destructableMediumHighThe contract can be destroyed via selfdestruct.
AC-05dangerous-state-var-initMediumLowA state variable initialized from a dangerous or attacker-influenced value.
AC-06tx-originMediumHighAuthorization via tx.origin — phishable; use msg.sender.
AC-07default-visibilityMediumHighA function or state variable relying on default visibility.
AC-08uninit-permission-checkHighMediumA permission/owner check against an uninitialized variable — enables an initialization takeover.
AC-09permit-arbitrary-transfer-fromHighMediumpermit() used with transferFrom() where the from address is arbitrary.
AC-10missing-sender-check-transfer-fromHighMediumtransferFrom() called without msg.sender as the from — missing ownership check.
AC-11missing-input-validationMediumLowPublic/external function parameters used without validation.
AC-12arbitrary-ether-sendHighMediumEther sent to an address derived from a function parameter.
AC-13unprotected-selfdestructHighHighselfdestruct reachable without an access-control guard.
AC-14unprotected-ether-withdrawalHighMediumAn ether withdrawal callable by anyone.
AC-15unsafe-delegatecallHighMediumA low-level delegatecall that executes external code in the caller's context.
AC-16unused-return-valueMediumLowThe return value of a low-level call/send is ignored.
AC-17public-mint-burnHighHighA public/external mint or burn with no access control.
AC-18arbitrary-storage-writeHighMediumInline assembly sstore that may write to an attacker-controlled storage slot.

Remediation

Gate privileged functions with an explicit msg.sender / owner / role check, validate address parameters, and never authorize with tx.origin. Chainvet's audit reports include a per-finding mitigation for each of these.