| Reported on Immunefi | Jan-26-2024 |
| Mitigation | Jan-26-2024 |
| Solution Completed | Jan-26-2024 |
Access to deployment on virtual worlds is achievable without requiring the signature of the name's owner. Deployment permissions for any Decentral and (DCI) world can be obtained independently, without requiring any direct engagement from the name's proprietor. The content server responsible for managing authorized addresses does not verify the signature of the received AuthChain. As a result, deployment permissions can be granted without the explicit consent or authorization of the name's owner.
Websites & Applications - Low.
Fix permissions checks