The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Unnoticed changes when setting a new owner

mylifechangefast

Summary

The absence of an emit function or event logging in the setOwner function poses a vulnerability as it lacks transparency and makes it challenging to track changes in ownership.

Vulnerability Details

function setOwner(address _newOwner) external onlyVaultManager {
owner = _newOwner;
}

The setOwner function modifies the contract's owner without emitting an event or logging the change. This absence of transparency makes it difficult to monitor and verify ownership changes on the blockchain.

Without proper event logging, it becomes challenging to detect and verify whether the setOwner function was called, potentially allowing unauthorized changes in ownership to go unnoticed.

Tools Used

Manual Review

Recommendations

To address this vulnerability, it is crucial to emit an event within the setOwner function to log ownership changes. This ensures transparency and provides an auditable record of ownership modifications on the blockchain.

function setOwner(address _newOwner) external onlyVaultManager {
+ address oldOwner = owner;
owner = _newOwner;
emit OwnerChanged(oldOwner, _newOwner);
}

// This should be above constructor

event OwnerChanged(address indexed oldOwner, address indexed newOwner);
Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!