DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

Operations such as the changing of the owner should be behind a timelock

Summary

Operations such as changing the owner should be behind a timelock.

Vulnerability Details

From a user's point of view, changing the owner of a contract is a high-risk operation whose outcomes range from an attacker gaining control over the protocol to the function no longer working because of a typo in the destination address. To give users enough warning to validate any ownership change, changes of ownership should be behind a timelock.

File: contracts/facets/OwnerFacet.sol

    // OwnerFacet.sol, line 111
    function transferOwnership(address newOwner) external onlyDAO {
        s.ownerCandidate = newOwner;
        emit Events.NewOwnerCandidate(newOwner);
    }

    // OwnerFacet.sol, line 124
    function transferAdminship(address newAdmin) external onlyAdminOrDAO {
        s.admin = newAdmin;
        emit Events.NewAdmin(newAdmin);
    }


Impact

Tools Used

Recommendations

Add a timelock for transferring ownership.
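
One way to implement this recommendation, shown as an added example that is not part of the submission or of DittoETH's code: a standalone contract in which the owner schedules a candidate, a delay must elapse, and only the candidate can then accept. The contract name `TimelockedOwnable`, the 2-day `TRANSFER_DELAY`, and all function, event and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not DittoETH's OwnerFacet. All names and the delay are assumptions.
contract TimelockedOwnable {
    uint256 public constant TRANSFER_DELAY = 2 days; // assumed warning period

    address public owner;
    address public ownerCandidate;
    uint256 public transferReadyAt; // 0 means no transfer is pending
    event OwnershipTransferScheduled(address indexed candidate, uint256 readyAt);
    event OwnershipTransferCancelled(address indexed candidate);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    error NotAuthorized();
    error ZeroAddress();
    error NoPendingTransfer();
    error TimelockActive(uint256 readyAt);
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotAuthorized();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Step 1: announce the candidate on-chain and start the delay.
    function scheduleOwnershipTransfer(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert ZeroAddress();
        ownerCandidate = newOwner;
        transferReadyAt = block.timestamp + TRANSFER_DELAY;
        emit OwnershipTransferScheduled(newOwner, transferReadyAt);
    }

    // The current owner can abort while the delay is running.
    function cancelOwnershipTransfer() external onlyOwner {
        if (transferReadyAt == 0) revert NoPendingTransfer();
        emit OwnershipTransferCancelled(ownerCandidate);
        delete ownerCandidate;
        delete transferReadyAt;
    }

    // Step 2: only the candidate can accept, and only after the delay has passed.
    function acceptOwnership() external {
        if (msg.sender != ownerCandidate) revert NotAuthorized();
        if (block.timestamp < transferReadyAt) revert TimelockActive(transferReadyAt);
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        delete ownerCandidate;
        delete transferReadyAt;
    }
}
```

Requiring the candidate to call `acceptOwnership` means a mistyped address can never complete the transfer, and the `OwnershipTransferScheduled` event gives monitoring tools a signal to alert on before the change takes effect.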

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
