The current ownership transfer process for all the contracts inheriting from Ownable or OwnableUpgradeable involves the current owner calling the transferOwnership() function.
If the nominated EOA account is not a valid account, it is entirely possible that the owner may accidentally transfer ownership to an uncontrolled account, losing access to all functions with the onlyOwner modifier.
There is 1 instance of this issue:
DecentralizedStableCoin does not implement a 2-Step-Process for transferring ownership.
It is recommended to implement a two-step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of the ownership to fully succeed. This ensures the nominated EOA account is a valid and active account. This can be easily achieved by using OpenZeppelin’s Ownable2Step contract instead of Ownable.
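The two-step hand-over recommended above, as an added example that is not the audited contract or code from the original report. It assumes OpenZeppelin Contracts v5.x import paths and constructor style; TwoStepOwnedCoin, Nominee and HandoverWalkthrough are hypothetical names, and a contract stands in for the nominated EOA so the sequence can run in one call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited code. Assumes OpenZeppelin Contracts v5.x.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

// Hypothetical stand-in for an owner-gated token.
contract TwoStepOwnedCoin is ERC20, Ownable2Step {
    constructor(address initialOwner) ERC20("TwoStepOwnedCoin", "TSOC") Ownable(initialOwner) {}

    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}

// Hypothetical nominee. A contract stands in for the nominated EOA so the
// walkthrough can run in a single transaction.
contract Nominee {
    function accept(Ownable2Step target) external {
        target.acceptOwnership();
    }
}

// Walkthrough: a mistyped nomination is recoverable, and ownership moves
// only once the nominee itself calls acceptOwnership().
contract HandoverWalkthrough {
    function run() external returns (bool) {
        TwoStepOwnedCoin coin = new TwoStepOwnedCoin(address(this));

        // Step 1 with a constructed wrong address: only pendingOwner changes.
        coin.transferOwnership(address(0xdead));
        require(coin.owner() == address(this), "owner changed too early");
        require(coin.pendingOwner() == address(0xdead), "nomination not recorded");
        coin.mint(address(this), 1); // onlyOwner functions are still reachable

        // The owner notices the mistake and nominates the intended account.
        Nominee nominee = new Nominee();
        coin.transferOwnership(address(nominee));

        // Step 2: the nominee accepts, proving it can transact.
        nominee.accept(coin);
        require(coin.owner() == address(nominee), "transfer not completed");
        require(coin.pendingOwner() == address(0), "pending owner not cleared");
        return true;
    }
}
```

With plain Ownable, the first transferOwnership() call in run() would have moved ownership to the wrong address immediately and the mint() after it would revert.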