The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

The issue is that there's no way to change the manager role

Summary

The issue is that there's no way to change the manager role right now.

Vulnerability Details

There's currently no function in the contract to switch the manager. If we need to update or fix something with the manager role, we can't do it because there's no specific process in place.

Impact

Without a way to change the manager, any issues with the current manager role can't be addressed or fixed. This could cause problems if there are changes needed in the future.

Tools Used

Manual

Recommendations

Add a two-step change of privileged roles. When privileged roles are being changed, it is recommended to follow a two-step approach:

1) The current privileged role proposes a new address for the change.
2) The newly proposed address then claims the privileged role in a separate transaction.

This two-step change allows accidental proposals to be corrected instead of leaving the system without an operational privileged role, or with a malicious one. For example, in a single-step change, if the current admin accidentally changes the new admin to a zero-address or an incorrect address (where the private keys are not available), the system is left without an operational admin and will have to be redeployed.
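A sketch of the two-step pattern recommended above, as an added example that is not code from the audited project. The contract name `TwoStepManaged`, the functions `proposeManager` and `acceptManager`, and the events and errors are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; contract and function names are hypothetical,
/// not taken from the audited code base.
abstract contract TwoStepManaged {
    address public manager;
    address public pendingManager;

    event ManagerProposed(address indexed current, address indexed proposed);
    event ManagerChanged(address indexed previous, address indexed current);

    error NotManager();
    error NotPendingManager();

    modifier onlyManager() {
        if (msg.sender != manager) revert NotManager();
        _;
    }

    constructor(address initialManager) {
        require(initialManager != address(0), "manager is zero");
        manager = initialManager;
        emit ManagerChanged(address(0), initialManager);
    }

    /// Step 1: the current manager nominates a successor. The role does not
    /// move yet, so a mistyped address can be overwritten by calling this
    /// again; proposing address(0) cancels the pending nomination.
    function proposeManager(address proposed) external onlyManager {
        pendingManager = proposed;
        emit ManagerProposed(manager, proposed);
    }

    /// Step 2: only the nominated address can complete the change, which
    /// proves its key is available. address(0) can never pass this check.
    function acceptManager() external {
        if (msg.sender != pendingManager) revert NotPendingManager();
        address previous = manager;
        manager = pendingManager;
        delete pendingManager;
        emit ManagerChanged(previous, manager);
    }
}
```

Until `acceptManager` succeeds, the existing manager keeps the role, so a proposal to an address with no available key leaves the system operational and correctable.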

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
