stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Valid

Single-step ownership change introduces risks in `LinearBoostController`

Summary

The LinearBoostController.sol contract inherits from OpenZeppelin's Ownable and contains critical owner-only functions such as setMaxLockingDuration and setMaxBoost. The current single-step ownership transfer mechanism exposes the contract to the risk of unauthorized access: a single mistaken or malicious transfer hands control of these critical functions to an unintended address.

Vulnerability Details

Lack of Two-Step Ownership Transfer

LinearBoostController inherits OpenZeppelin's Ownable and uses the default transferOwnership() function, which moves ownership to the new address in a single call with no acceptance step by the recipient. This introduces the risk of unauthorized or accidental ownership transfers (for example to a mistyped or non-existent address, from which ownership cannot be recovered), allowing an attacker to compromise critical functions or leaving them permanently unreachable.

Impact

The lack of a two-step ownership transfer mechanism means a single erroneous or malicious transferOwnership() call is final. If the ownership of the LinearBoostController contract is compromised, an attacker could call critical functions like setMaxLockingDuration and setMaxBoost. This could lead to unintended changes in system parameters, affecting the boost mechanism and the economic incentives for stakers.

In addition, the default transferOwnership() raises the risk of accidental transfers to a wrong address, in which case nobody can call these functions at all.

Tools Used

Manual review

Recommendations

Two-Step Ownership Transfer:
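The following is an added illustration, not the project's code: the reported single-step pattern next to the hardened form using OpenZeppelin's Ownable2Step. It assumes OpenZeppelin Contracts v5 (Ownable takes an initial owner in its constructor); the state variables and their types are placeholders, only the function names come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5 import paths and constructor signatures.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

// Pattern described in the finding (illustrative, not the project's code).
// transferOwnership(newOwner) inherited from Ownable takes effect at once:
// a mistyped or attacker-supplied address becomes owner with no way back.
contract BoostControllerSingleStep is Ownable {
    uint64 public maxLockingDuration; // placeholder state, not the real layout
    uint64 public maxBoost;

    constructor(uint64 _maxLockingDuration, uint64 _maxBoost) Ownable(msg.sender) {
        maxLockingDuration = _maxLockingDuration;
        maxBoost = _maxBoost;
    }

    function setMaxLockingDuration(uint64 _duration) external onlyOwner {
        maxLockingDuration = _duration;
    }

    function setMaxBoost(uint64 _boost) external onlyOwner {
        maxBoost = _boost;
    }
}

// Hardened form. Ownable2Step overrides transferOwnership() so that it only
// records a pendingOwner(); control moves only when the proposed address
// itself calls acceptOwnership(). An address that cannot sign (typo, burned
// key) never becomes owner, and the current owner can re-propose to fix it.
contract BoostControllerTwoStep is Ownable2Step {
    uint64 public maxLockingDuration;
    uint64 public maxBoost;

    // Ownable2Step has no constructor of its own; the Ownable base still
    // needs the initial owner.
    constructor(uint64 _maxLockingDuration, uint64 _maxBoost) Ownable(msg.sender) {
        maxLockingDuration = _maxLockingDuration;
        maxBoost = _maxBoost;
    }

    function setMaxLockingDuration(uint64 _duration) external onlyOwner {
        maxLockingDuration = _duration;
    }

    function setMaxBoost(uint64 _boost) external onlyOwner {
        maxBoost = _boost;
    }
}
```

A regression test for the hardened contract should check that after `transferOwnership(newOwner)` the `owner()` is unchanged and `pendingOwner()` equals `newOwner`, and that `acceptOwnership()` reverts from any caller other than `newOwner`.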

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

ownable-2step

have a 2-step owner transfer
