First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Owner can renounce ownership

aballok

Summary

OpenZeppelin contracts have a renounce ownership function

Vulnerability Details

renounceOwnership can be called by error or by malicious owner leading to loss of ownership and controls over critical functionality in the contracts

Impact

Can lead to loss of ownership. Implies address for fees cant be changed e.g keys for that address lost or fee address under control malicious entitty; Implies fees cant be withdraw from protocol(assuming access control lacking fixed) so the ETH for fees will be stuck in the protocol forever

Tools Used

Manual Analysis

Recommendations

Override renounceOwnership function and ensure that it reverts

Updates

Lead Judging Commences

hexbyte Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: User input validation

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.