Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Lack of Two Steps Verification before Transferring Ownership

chainnue

Summary

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure (transfer and accept) on the critical functions.

Vulnerability Details

The Ownable contract doesn't employ a two step transfer pattern which can be considerable valid issue when the admin or owner wrongly input a wrong address. When this happen, the contract would instantly effecting the protocol, as the owner is now renounced.

File: Ownable.sol

19: function transferOwnership(address _owner) public virtual onlyOwner {

20: owner = _owner;

21: emit OwnershipTransferred(msg.sender, _owner);

22: }

Impact

When wrong input is entered, the admin / owner will be renounced, any future changes such as changing configuration will not be available anymore.

Tools Used

Manual analysis

Recommendations

Recommend considering implementing a two step process where the owner or admin nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.