Accidental renounce ownership can brick the Liquidation Pool Manager and Smart Vault Manager
Summary
OwnableUpgradeable and Ownable expose a function renounceOwnership() which can be used to surrender control of contracts with owners.
This may result in the removal of ownership for LiquidationPoolManager and SmartVaultManagerV5; ultimately breaking the protocol.
Vulnerability Details
The LiquidationPoolManager and SmartVaultManagerV5 contracts inherit from Ownable and OwnableUpgradeable respectively, and hence inherit the renounceOwnership() function.
The owner of these contracts can accidentally (or intentionally) call renounceOwnership() which will transfer the ownership to address(0). This will break all functionality of the protocol that uitlises the onlyOwner() modifier; below is a list of those functions:
LiquidationPoolManager::setPoolFeePercentage()SmartVaultManagerV5::setMintFeeRateSmartVaultManagerV5::setBurnFeeRateSmartVaultManagerV5::setSwapFeeRateSmartVaultManagerV5::setWethAddressSmartVaultManagerV5::setSwapRouter2SmartVaultManagerV5::setNFTMetadataGeneratorSmartVaultManagerV5::setSmartVaultDeployerSmartVaultManagerV5::setProtocolAddressSmartVaultManagerV5::setLiquidatorAddress
Tools Used
Manual Review
Recommendations
Disable renounceOwnership() if this feature is not required
Lead Judging Commences
informational/invalid
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.