Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Ownable2Step vs Ownable ownership change risks

Summary

ProxyFactory.sol uses Ownable, whereas Ownable2Step is the safer option.

Vulnerability Details

Ownable.sol has a transferOwnership function that completes in a single step. The address set as the new owner may be an account whose keys have been lost, an account now under the control of a malicious user, an incorrect address, an address that is not part of the trusted entities, etc.

Impact

Medium - Such a single-step transfer can lead to ownership of the contract being lost, and because ProxyFactory is the main entry point of the project, its onlyOwner functions would no longer work or be trusted. Ownable2Step, on the other hand, ensures that any change in ownership is first claimed by the new owner, confirming that they are still in control of their keys.

Tools Used

Manual Analysis

Recommendations

It is recommended to inherit from OpenZeppelin's Ownable2Step contract so that any transfer or change of ownership goes only to addresses that are capable of taking on the ownership role.
