
Missing or Improper Check on the Admin Address

What it detects

Many contracts store an admin or owner address and use it to gate privileged actions. If a privileged function never verifies that address, or verifies it against the wrong variable, any account can call the function. The detector flags admin-only functions that lack a check (no modifier and no require statement) and checks that compare the admin address against the wrong variable, such as tx.origin rather than msg.sender.

Typical symptoms

  • No modifier or require statement on a function that changes privileged state (parameters, the admin address itself, funds)
  • Admin variable compared against tx.origin instead of msg.sender, which passes for any call chain that the admin's externally owned account started, including calls relayed through a contract the admin did not intend to trust

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract AdminCheck {
    address public admin;

    // Intentionally vulnerable: the function writes privileged state but never
    // verifies that msg.sender == admin, so any account can call it.
    function set(uint256 value) external {
        // No check that msg.sender == admin
        _store = value;
    }

    // Declared after use; Solidity allows this, it is not the defect here.
    uint256 private _store;
}

Why it matters on EVM

Without a proper admin check, any account can change critical parameters, drain funds controlled by the contract, or reassign the admin address and take over the contract outright. A check against tx.origin is not a substitute for one against msg.sender: tx.origin is the account that signed the transaction, so any contract the admin calls, directly or indirectly, can forward a privileged call that passes the check.
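The following is an added example and not the detector's own code. It shows the hardened counterpart of the AdminCheck snippet above (an onlyAdmin modifier that compares msg.sender, plus a two-step admin transfer so the role cannot be handed to a mistyped address), and a second contract illustrating the tx.origin symptom, where a relay contract the admin happens to call can perform the privileged write. Contract, event, error and function names (AdminCheckFixed, pendingAdmin, Relay, forward, and so on) are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Hardened version of the page's AdminCheck snippet (added example, not the
// detector's own code). Names below are illustrative assumptions.
contract AdminCheckFixed {
    address public admin;
    address public pendingAdmin;
    uint256 private _store;

    event AdminTransferStarted(address indexed current, address indexed pending);
    event AdminTransferred(address indexed previous, address indexed current);
    event ValueSet(uint256 value);

    error NotAdmin(address caller);
    error NotPendingAdmin(address caller);
    error ZeroAddress();

    // Compare against msg.sender (the direct caller), never tx.origin.
    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin(msg.sender);
        _;
    }

    constructor() {
        admin = msg.sender;
        emit AdminTransferred(address(0), msg.sender);
    }

    // Privileged setter: the modifier is the check the original snippet lacks.
    function set(uint256 value) external onlyAdmin {
        _store = value;
        emit ValueSet(value);
    }

    function get() external view returns (uint256) {
        return _store;
    }

    // Two-step transfer: the new admin must claim the role, so a typo in the
    // address cannot hand control to an account nobody controls.
    function transferAdmin(address newAdmin) external onlyAdmin {
        if (newAdmin == address(0)) revert ZeroAddress();
        pendingAdmin = newAdmin;
        emit AdminTransferStarted(admin, newAdmin);
    }

    function acceptAdmin() external {
        if (msg.sender != pendingAdmin) revert NotPendingAdmin(msg.sender);
        emit AdminTransferred(admin, msg.sender);
        admin = msg.sender;
        pendingAdmin = address(0);
    }
}

// The "wrong variable" symptom: tx.origin is the signer of the transaction,
// not the direct caller, so the check passes for any call chain the admin's
// externally owned account started.
contract AdminCheckTxOrigin {
    address public admin = msg.sender;
    uint256 public store;

    function set(uint256 value) external {
        require(tx.origin == admin, "not admin"); // wrong variable
        store = value;
    }
}

// If the admin EOA calls Relay.forward for any reason, tx.origin == admin
// inside AdminCheckTxOrigin.set and the privileged write goes through even
// though the admin never meant to change the value.
contract Relay {
    AdminCheckTxOrigin public immutable target;

    constructor(AdminCheckTxOrigin t) {
        target = t;
    }

    function forward(uint256 value) external {
        target.set(value);
    }
}
```

With AdminCheckFixed, a call to set from any account other than admin reverts with NotAdmin, and a contract relaying a call on the admin's behalf is rejected as well because its own address is msg.sender. With AdminCheckTxOrigin, the same relayed call succeeds, which is why the detector treats a tx.origin comparison as a defective check rather than a valid one.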