1-step approach for critical ownership transfer is risky
Summary
1-step approach for critical ownership transfer is risky due to possible human error which could result in locking all the functions that use the onlyOwner() modifier.
Vulnerability Details
The OZ Ownable.sol is inherited by ProxyFactory.sol which gives ownable functionality.
However, its implementation is not safe currently as the process is 1-step which is risky due to a possible human error and such an error is unrecoverable. For example, an incorrect address, for which the private key is not known, could be passed accidentally.
Impact
Critical functions using the onlyOwner() modifier will be locked - setContest(), deployProxyAndDistributeByOwner(), distributeByOwner().
Tools Used
Manual Analysis
Recommendations
Implement the change of ownership in 2 steps:
Approve a new address as a pendingOwner
A transaction from the pendingOwner address claims the pending ownership change.
This mitigates the risk because if an incorrect address is used in step (1) then it can be fixed by re-approving the correct address. Only after a correct address is used in step (1) can step (2) happen and complete the ownership change.
e.g. https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable2Step.sol
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.