Bent Fuchsia Quail
Medium
The blacklist and unBlacklist functions in the contract allow adding and removing addresses from a blacklist. The comments suggest that these functions can only be called by an admin role, but the actual role required is BLACKLIST_ROLE. This inconsistency between comments and actual code can lead to confusion and potentially incorrect usage by developers and auditors. Other functions that has admin as comment such as the "unpause" function requires DEFAULT_ADMIN_ROLE.
The inconsistency arises from a mismatch between the comments and the actual role check in the code. While the comments specify that the DEFAULT_ADMIN_ROLE should be required, the functions are implemented to require BLACKLIST_ROLE. This may indicate an oversight in either the comments or the intended role for these functions.
- None
- None
- None
This inconsistency can lead to:
- Security Risk: If developers or auditors assume that only DEFAULT_ADMIN_ROLE is required based on the comments, they may incorrectly assess access control for these functions.
- Confusion: Inconsistent comments can cause confusion among developers and reduce the clarity of code intent.
No response
Comment Update: Update the comments to reflect the correct role required (i.e., change "admin" to BLACKLIST_ROLE), ensuring the comments accurately describe the implemented logic: