This report identifies a vulnerability in the contracts that inherit from the Ownable contract, which allows the owner to transfer the ownership to any address without confirmation. This could lead to loss of control over the contract if the owner makes a mistake or is compromised. The report recommends using the Ownable2Step contract instead, which requires the new owner to accept the ownership transfer before it is finalized.
The Ownable contract, imported from OpenZeppelin, defines an owner address and a function to transfer the ownership to a new address. However, this function does not check if the new address is valid, or if it is capable of receiving the ownership. For example, the new address could be a zero address, a contract address without the acceptOwnership function, or an address that is not controlled by anyone. In any of these cases, the ownership transfer would be irreversible, and the owner would lose the ability to perform critical functions such as upgrading the contract, changing the parameters, or withdrawing the funds.
https://github.com/Cyfrin/2023-12-stake-link/tree/main/contracts/core/RewardsInitiator.sol#L16
https://github.com/Cyfrin/2023-12-stake-link/tree/main/contracts/core/ccip/RESDLTokenBridge.sol#L16
https://github.com/Cyfrin/2023-12-stake-link/tree/main/contracts/core/ccip/WrappedTokenBridge.sol#L19
https://github.com/Cyfrin/2023-12-stake-link/tree/main/contracts/core/ccip/base/SDLPoolCCIPController.sol#L13
https://github.com/Cyfrin/2023-12-stake-link/tree/main/contracts/core/sdlPool/LinearBoostController.sol#L10
The impact of this vulnerability depends on the contract and the functionality that the owner can control. In general, the owner can pause and unpause the contract functionality, which could affect the availability and usability of the contract for the users. The owner can also set various parameters that affect the fees, the rewards, the boost, and the bridging functionality of the contract, which could affect the incentives and the economics of the project. The owner can also set the addresses of other contracts that interact with the contract, which could affect the security and the integrity of the project. In the worst case, the owner could drain the funds or tokens that are stored or managed by the contract, which could result in a significant loss for the users and the project.
Manual
The report recommends using the Ownable2Step contract instead of the Ownable contract, which is also imported from OpenZeppelin. The Ownable2Step contract implements a two-step ownership transfer process, which requires the new owner to accept the ownership before it is finalized. This prevents the ownership from being transferred to an address that cannot handle it, or that does not want to accept it. The Ownable2Step contract also emits an event when the ownership is proposed and when it is accepted, which increases the transparency and auditability of the system.
have a 2-step owner transfer