Access control vulnerabilities exist when a contract fails to properly restrict who can call certain functions. This can result in unauthorized function calls.
If a contract function isn’t protected adequately, unauthorized actors can manipulate the contract state, steal funds, or take other damaging actions.
The Parity Wallet vulnerability resulted from an unprotected function in a library contract, allowing an attacker to take ownership of the contract and self-destruct it, freezing over 500,000 Ether.