The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Use two-step ownership transfers instead of single-step ownership transfers

Vulnerability Details

Single-step ownership transfers add the risk of accidentally setting an unwanted owner (this includes address(0)) if the ownership transfer is not done with great care.

Context: LiquidationPoolManager#11

File: LiquidationPoolManager.sol
11 contract LiquidationPoolManager is Ownable

Context: SmartVaultManagerV5#16

File: SmartVaultManagerV5.sol
16 contract SmartVaultManagerV5 is
       ISmartVaultManager,
       ISmartVaultManagerV2,
       Initializable,
       ERC721Upgradeable,
       OwnableUpgradeable

Similar Findings:

  1. https://solodit.xyz/issues/l-07-use-ownable2step-instead-of-ownable-for-access-control-code4rena-particle-protocol-particle-protocol-invitational-git

  2. https://solodit.xyz/issues/l-04-use-code4rena-redacted-cartel-redacted-cartel-contest-git

Impact

If the new address is inactive or not willing to act, there is no way to restore access to that role. Therefore, the owner role can be lost.

Tools

Manual Review

Recommendation

It is recommended to use Ownable2Step instead of Ownable, and Ownable2StepUpgradeable instead of OwnableUpgradeable.
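
A minimal sketch of the two-step flow the recommendation refers to, added here as an illustration; it is not code from The Standard or from OpenZeppelin. The names TwoStepOwned, ExampleManager and poolFeePercentage are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration of the nominate-then-accept pattern.
// Hypothetical contract names; not the audited code base.
abstract contract TwoStepOwned {
    address public owner;
    address public pendingOwner;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner();
    error NotPendingOwner();

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Step 1: only nominates. The current owner keeps control, and a wrong
    // nomination can be overwritten by calling this function again.
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    // Step 2: the nominee must call in, proving the address is live and
    // controlled. address(0) or an inactive account can never complete it.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        address previous = owner;
        owner = msg.sender;
        delete pendingOwner;
        emit OwnershipTransferred(previous, msg.sender);
    }
}

contract ExampleManager is TwoStepOwned {
    uint256 public poolFeePercentage; // hypothetical owner-controlled setting

    function setPoolFeePercentage(uint256 fee) external onlyOwner {
        poolFeePercentage = fee;
    }
}
```

Monitoring for an OwnershipTransferStarted event that is never followed by OwnershipTransferred is a cheap way to catch a mistaken nomination before it matters.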

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

single-step-ownership

informational/invalid
