Submission Details
Severity: high

DecentralizedStableCoin - newer Ownable version can break the coin logic

Summary

The current implementation of the stable coin uses the OpenZeppelin (OZ) Ownable contract to keep track of the owner of the token, which in this case is the engine contract. As new versions of the library are released, the coin might get deployed with a newer version that breaks the logic as currently written.

Vulnerability Details

The newest version of the OZ Ownable contract, and probably future versions, requires the initial owner to be passed as a constructor argument. If no argument is passed, as in the current stable coin constructor, the owner would be set to address(0).

Impact

The owner is left uninitialized, breaking the entire contract.

Tools Used

Manual Review

Recommendations

Carefully consider the library version in use, and provide the initial owner parameter to the Ownable constructor.
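The recommendation as an added sketch, not code from the audited repository: the constructor forwards an explicit owner to Ownable, and a Foundry test asserts that the engine address ends up as owner. It assumes OpenZeppelin Contracts v5.x and forge-std are installed; the token name and symbol, the `mint` signature and the test contract are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: the OpenZeppelin dependency is pinned to a specific v5.x release
// tag, so a library upgrade is a deliberate, reviewed change and not a side
// effect of a fresh install.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

contract DecentralizedStableCoin is ERC20Burnable, Ownable {
    // The owner is an explicit constructor argument forwarded to Ownable,
    // so the deployer decides who controls the token (here: the engine).
    constructor(address initialOwner)
        ERC20("DecentralizedStableCoin", "DSC") // assumed name and symbol
        Ownable(initialOwner)
    {}

    // Hypothetical privileged function: every onlyOwner path depends on
    // the owner having been initialised correctly at deployment.
    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}

contract OwnerInitTest is Test {
    // Constructed address standing in for the deployed engine contract.
    address internal engine = makeAddr("engine");

    function test_OwnerIsEngineAfterDeploy() public {
        DecentralizedStableCoin dsc = new DecentralizedStableCoin(engine);
        assertEq(dsc.owner(), engine);
    }

    function test_OnlyEngineCanMint() public {
        DecentralizedStableCoin dsc = new DecentralizedStableCoin(engine);

        // A non-owner caller must be rejected.
        vm.prank(makeAddr("stranger"));
        vm.expectRevert();
        dsc.mint(address(this), 1 ether);

        // The engine, as owner, can mint.
        vm.prank(engine);
        dsc.mint(address(this), 1 ether);
        assertEq(dsc.balanceOf(address(this)), 1 ether);
    }
}
```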
