Location
https://github.com/code-423n4/2025-05-upside/blob/main/contracts/UpsideMetaCoin.sol#L56-L61
Problem and Impact
An access control vulnerability in the setNameAndSymbol function allows privileged users (e.g., owners) to arbitrarily modify the name and symbol state variables post-deployment. This can lead to denial of service (DoS) by disrupting dependent transactions, escalation of privileges, and loss of trust due to mutable critical identifiers that are expected to be immutable (e.g., ERC-20 compliance).
Recommendation
Remove setNameAndSymbol or implement immutable variables (e.g., constructor()-only assignment).
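
An added sketch of the recommendation, not code from the audited repository: MutableMetadataToken is an assumed shape of the owner-gated setter pattern the finding describes, and FixedMetadataToken shows constructor-only assignment. The contract names, the owner check and the empty-string check are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; contract names are hypothetical, not the project's code.

// Before (assumed shape): metadata lives in storage and a privileged
// setter can rewrite it at any time after deployment.
contract MutableMetadataToken {
    address public owner;
    string public name;
    string public symbol;

    constructor(string memory name_, string memory symbol_) {
        owner = msg.sender;
        name = name_;
        symbol = symbol_;
    }

    function setNameAndSymbol(string memory name_, string memory symbol_) external {
        require(msg.sender == owner, "not owner");
        name = name_;
        symbol = symbol_;
    }
}

// After: no setter exists. Solidity's `immutable` keyword only accepts value
// types, so the strings stay in private storage that is written once in the
// constructor and exposed through read-only getters.
contract FixedMetadataToken {
    string private _name;
    string private _symbol;

    constructor(string memory name_, string memory symbol_) {
        // Reject empty metadata up front, since it cannot be corrected later.
        require(bytes(name_).length != 0 && bytes(symbol_).length != 0, "empty metadata");
        _name = name_;
        _symbol = symbol_;
    }

    function name() external view returns (string memory) {
        return _name;
    }

    function symbol() external view returns (string memory) {
        return _symbol;
    }
}
```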