The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Use `Ownable2StepUpgradeable` instead of `OwnableUpgradeable`

Summary

`SmartVaultManagerV5` uses `OwnableUpgradeable`, a contract that manages contract ownership. Transferring ownership to the wrong address would lock the owners out of the contract forever. The general recommendation is to use a two-step process for such interactions.

Vulnerability Details

`SmartVaultManagerV5` uses OpenZeppelin's `OwnableUpgradeable`, so the admins can lose access to the contract: if they call `transferOwnership()` with the wrong address, they unintentionally lose their owner access forever.

Impact

Losing access to the contract due to a mistake in the address the ownership is transferred to.

Tools Used

Manual Analysis

Recommendations

It is recommended to use OpenZeppelin's `Ownable2StepUpgradeable` contract, which solves the problem by making the ownership transfer a two-step process. After `transferOwnership()` has been invoked, the designated owner must confirm the transfer by calling `acceptOwnership()` before gaining access. Until that confirmation the current owner keeps control, so the admins can correct a mistake as soon as they notice it.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

single-step-ownership

informational/invalid
