Contract Dangling Due to Owner Renunciation
Summary
There are the potential risk of a smart contract being left without an owner if the owner mistakenly renounces their ownership by invoking the renounceOwnership function.
In such a scenario, the contract will exist indefinitely without an owner, which can pose operational and security risks.
Vulnerability Details
The vulnerability arises from the owner's ability to renounce ownership using the renounceOwnership function.
While this feature can be a legitimate part of contract functionality, it becomes a risk when the owner mistakenly or be compromised to renounces their own ownership.
As a result, the contract becomes ownerless, and there is unrecoverable.
Impact
-
Contract Abandonment: The contract may lack an owner, leading to operational and security issues.
-
Lack of Control: Without an owner, critical decisions and updates may be impossible.
Tools Used
VS Code: Manual
Recommendations
Overriding the renounceOwnership function to always revert when the owner attemp to call this function.
Lead Judging Commences
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.