Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: low
Valid

Ownable: Does not implement 2-Step-Process for transferring ownership

Summary

Ownable: Does not implement 2-step-process for transferring ownership

Vulnerability Details

ProxyFactory inherits from OpenZeppelin's Ownable contract, which does not implement a two-step process for transferring ownership.
A mistake made while transferring ownership can therefore easily result in ownership of the contract being lost.

import {Ownable} from "openzeppelin/access/Ownable.sol";
contract ProxyFactory is Ownable, EIP712 {

Impact

Ownership could be lost, which would leave the protocol unusable.

Tools Used

Manual Review

Recommendations

Use a two-step process such as OpenZeppelin's Ownable2Step.sol, in which the owner proposes an ownership transfer and the proposed new owner accepts it.

- import {Ownable} from "openzeppelin/access/Ownable.sol";
+ import {Ownable} from "openzeppelin/access/Ownable2Step.sol";
- contract ProxyFactory is Ownable, EIP712 {
+ contract ProxyFactory is Ownable2Step, EIP712 {
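
Review bot: the added import line still names the symbol Ownable (import {Ownable} from "openzeppelin/access/Ownable2Step.sol";), while the added contract line inherits Ownable2Step, so Ownable2Step is never imported into this file. Change the import to {Ownable2Step} so the name used in the inheritance list is the one brought into scope. It would also help to note next to the change that a transfer now only completes once the proposed owner accepts it, since any deployment or handover script that assumed a single call needs that second step.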

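An added example, not code from the audited repository or from OpenZeppelin: a simplified two-step owner contract with a Foundry test showing that nominating a mistyped address leaves the current owner in control until the right address accepts. The contract and test names, the pragma version, the constructed addresses and the forge-std import path are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol"; // assumption: forge-std is installed

// Simplified stand-in for the two-step pattern (not OpenZeppelin's source).
contract TwoStepOwned {
    address public owner;
    address public pendingOwner;

    error NotOwner();
    error NotPendingOwner();

    constructor() {
        owner = msg.sender;
    }

    // Step 1: the current owner only nominates a candidate; `owner` is unchanged.
    function transferOwnership(address candidate) external {
        if (msg.sender != owner) revert NotOwner();
        pendingOwner = candidate;
    }

    // Step 2: the candidate proves control of the address by calling in.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        owner = pendingOwner;
        delete pendingOwner;
    }
}

contract TwoStepOwnedTest is Test {
    address constant MISTYPED = address(0xBAD);   // constructed: nobody controls it
    address constant INTENDED = address(0xA11CE); // constructed: the real new owner

    function test_mistypedAddressDoesNotLoseOwnership() public {
        TwoStepOwned c = new TwoStepOwned(); // this test contract is the owner

        c.transferOwnership(MISTYPED);
        assertEq(c.owner(), address(this)); // ownership has not moved yet

        c.transferOwnership(INTENDED); // owner overwrites the bad nomination
        vm.prank(INTENDED);
        c.acceptOwnership();
        assertEq(c.owner(), INTENDED);
        assertEq(c.pendingOwner(), address(0));
    }
}
```
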