The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

SmartVaultV3:setOwner wrong access control

touqeershah32

Summary

Only owner can change the ownership of the contract otherwise other function which are onlyOwner does not make sense if ,Manager can change owner anytime he want.

Vulnerability Details

currently onlyVaultManager is access control on setOwner function which allow Manage to make new owner of this contract which deployed by someone for his used.

Impact

Let suppose I am manager , go and change the owner do some transactions and revert the old owner this function make me think to lose the purpose on onlyowner access which stop other to access but what about Manager.

Tools Used

Manuel Review

Recommendations

Either remove it or only current owner can change it , or atleast both should have access of the functions.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!