Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Use `Ownable2Step` rather than `Ownable`

Summary

OpenZeppelin's `Ownable2Step` and `Ownable2StepUpgradeable` prevent contract ownership from being mistakenly transferred to an address that cannot handle it (e.g. due to a typo in the address) by requiring the recipient to actively accept ownership via a call of its own.

Vulnerability Details

There is 1 instance of this issue.

```solidity
File: src/ProxyFactory.sol

37: contract ProxyFactory is Ownable, EIP712 {
```

| File Link | Instance Count | Instance Link |
|---|---|---|
| ProxyFactory.sol | 1 | 37 |

Impact

The contract ownership could mistakenly be transferred to an address that cannot handle it.

Tools Used

baudit: a custom static code analysis tool; manual review

Recommendations

Use `Ownable2Step` rather than `Ownable`. For upgradeable contracts, use `Ownable2StepUpgradeable`.
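The Foundry test below is an added example, not code from the submission or from the Sparkn repository. It shows the two-step handover that makes a mistyped recipient recoverable. `FactoryLike`, the test names and both addresses are hypothetical, and it assumes forge-std plus OpenZeppelin Contracts 4.x (4.8 or later), where `Ownable`'s constructor takes no argument.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

// Hypothetical stand-in for ProxyFactory: only the ownership base is modelled.
// Assumes OpenZeppelin Contracts 4.x, where the deployer becomes the owner.
contract FactoryLike is Ownable2Step {}

contract Ownable2StepTest is Test {
    FactoryLike factory;
    address intended = makeAddr("intended"); // constructed address
    address typo = makeAddr("typo");         // constructed: mistyped recipient

    function setUp() public {
        factory = new FactoryLike(); // owner == address(this)
    }

    function test_MistypedTransferIsRecoverable() public {
        factory.transferOwnership(typo);
        // Step 1 only records a pending owner; ownership has not moved.
        assertEq(factory.owner(), address(this));
        assertEq(factory.pendingOwner(), typo);

        // The current owner still controls the contract and can
        // overwrite the pending owner with the correct address.
        factory.transferOwnership(intended);
        assertEq(factory.pendingOwner(), intended);

        // The mistyped address is no longer pending and cannot accept.
        vm.prank(typo);
        vm.expectRevert();
        factory.acceptOwnership();
    }

    function test_RecipientMustAccept() public {
        factory.transferOwnership(intended);
        // Step 2: ownership moves only when the recipient itself calls in.
        vm.prank(intended);
        factory.acceptOwnership();
        assertEq(factory.owner(), intended);
        assertEq(factory.pendingOwner(), address(0));
    }
}
```

`Ownable2Step` does not change `renounceOwnership`, which still takes effect in a single call.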
