Single-step Ownership Transfer Can be Dangerous
Summary
Single-step Ownership Transfer Can be Dangerous
Vulnerability Details
Single-step ownership transfer means that if a wrong address was passed when transferring ownership or admin rights it can mean that role is lost forever. If the admin permissions are given to the wrong address within this function, it will cause irreparable damage to the contracts SmartVaultManagerV5 and LiquidationPoolManager.
Impact
If an admin provides an incorrect address for the new owner this will result in none of the onlyOwner marked methods being callable again. 2.Funds gets stuck permanently.
Tools Used
Manual review
Recommendations
It is a best practice to use a two-step ownership transfer pattern, meaning ownership transfer gets to a "pending" state and the new owner should claim his new rights, otherwise the old owner still has control of the contract
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable2Step.sol should be used.
Lead Judging Commences
single-step-ownership
informational/invalid
single-step-ownership
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.