# Access Control Issues

**Access Control Issues** occur when a smart contract fails to properly restrict who can call certain functions. This can allow unauthorized users to perform sensitive operations, such as minting tokens, transferring ownership, or withdrawing funds.

#### **How They Work** <a href="#how-they-work" id="how-they-work"></a>

1. **No Restrictions:** If functions are not protected, anyone can call them. Example:

   ```solidity
   function mint(uint256 _amount) public {
       // Anyone can mint tokens
       totalSupply += _amount;
   }
   ```
2. **Improper Authorization:** If authorization checks are incorrect or incomplete, attackers can bypass restrictions. Example:

   ```solidity
   function updateOwner(address _newOwner) public {
       // Missing restriction to allow only the current owner
       owner = _newOwner;
   }
   ```
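
The two snippets above with the missing checks in place, as an added example that is not part of the original page. The contract name `RestrictedToken`, the `onlyOwner` modifier, and the error and event names are illustrative assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hardened counterparts of mint() and updateOwner().
// All names other than mint, updateOwner, owner and totalSupply are assumed.
contract RestrictedToken {
    address public owner;
    uint256 public totalSupply;

    error NotOwner(address caller);
    error ZeroAddress();

    // Events give monitoring a record of every privileged action.
    event OwnerUpdated(address indexed previousOwner, address indexed newOwner);
    event Minted(address indexed by, uint256 amount);

    constructor() {
        // The deployer becomes the initial owner.
        owner = msg.sender;
        emit OwnerUpdated(address(0), msg.sender);
    }

    // Single authorization check shared by every privileged function.
    // It compares msg.sender (the immediate caller), not tx.origin,
    // which is not safe to use for authorization.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    // Was: callable by anyone. Now reverts unless the caller is the owner.
    function mint(uint256 _amount) public onlyOwner {
        totalSupply += _amount;
        emit Minted(msg.sender, _amount);
    }

    // Was: any caller could replace the owner. Now only the current owner
    // can, and the zero address is rejected so ownership cannot be lost
    // through a mistaken call.
    function updateOwner(address _newOwner) public onlyOwner {
        if (_newOwner == address(0)) revert ZeroAddress();
        emit OwnerUpdated(owner, _newOwner);
        owner = _newOwner;
    }
}
```

When reviewing a contract, list every `public` and `external` function that changes state and confirm each one either carries a check like this or is meant to be open to all callers.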

#### **Real-Life Impact** <a href="#real-life-impact" id="real-life-impact"></a>

Attackers can exploit access control flaws to:

* Take ownership of a contract.
* Mint or transfer tokens they shouldn’t have.
* Drain contract funds.

