20,000 USDC
Submission Details
Severity: medium
Valid

`Ownable` contract implements single-step ownership change.

Summary

The Ownable contract implements a single-step ownership change process, which can lead to loss of access.

Vulnerability Details

The Ownable contract implements a single-step ownership change process, where ownership is transferred to a new address via transferOwnership:

function transferOwnership(address _owner) public virtual onlyOwner {
    // The new owner takes effect immediately; nothing confirms that _owner is a usable address.
    owner = _owner;
    emit OwnershipTransferred(msg.sender, _owner);
}

Impact

This is against best practices: accidentally passing the wrong address as _owner (a typo, a zero address, or a key nobody controls) causes permanent loss of access to the onlyOwner methods, since no one can call transferOwnership again to correct it.

Tools Used

None

Recommendations

Implement a two-step ownership change process, where the current owner first proposes a new owner and the proposed address must then accept the ownership in a separate transaction. An implementation is available as Ownable2Step from OpenZeppelin.
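As an added illustration (not the audited contract and not OpenZeppelin's code), the following minimal contract shows the recommended pattern: transferOwnership only records a pending owner, and the transfer completes only when acceptOwnership is called from that address. Contract and event names are this example's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Two-step ownership transfer written for this report as an example.
// The proposed owner must call acceptOwnership() from that address before
// `owner` changes, so a typo in the proposed address only leaves a harmless,
// overwritable pending value instead of bricking the onlyOwner functions.
contract Ownable2StepExample {
    address public owner;
    address public pendingOwner;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error Unauthorized(address caller);

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    // Step 1: the current owner only proposes a successor. `owner` is unchanged,
    // so a mistaken address can be corrected by proposing again (or address(0)).
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    // Step 2: only the proposed address can complete the transfer, which proves
    // the key behind it exists and can sign transactions.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert Unauthorized(msg.sender);
        address previousOwner = owner;
        owner = msg.sender;
        delete pendingOwner;
        emit OwnershipTransferred(previousOwner, msg.sender);
    }
}
```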
