MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: medium
Invalid

Centralization Risk for trusted owners

Vulnerability Details

Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.

Found in contracts/Distribution.sol Line: 73

function createPool(Pool calldata pool_) public onlyOwner {

Found in contracts/Distribution.sol Line: 82

function editPool(uint256 poolId_, Pool calldata pool_) external onlyOwner poolExists(poolId_) {

Found in contracts/Distribution.sol Line: 127

) external onlyOwner poolExists(poolId_) {

Found in contracts/Distribution.sol Line: 323

) external payable onlyOwner returns (bytes memory) {

Found in contracts/Distribution.sol Line: 344

function removeUpgradeability() external onlyOwner {

Found in contracts/Distribution.sol Line: 348

function _authorizeUpgrade(address) internal view override onlyOwner {

Found in contracts/L1Sender.sol Line: 47

function setDistribution(address distribution_) public onlyOwner {

Found in contracts/L1Sender.sol Line: 51

function setRewardTokenConfig(RewardTokenConfig calldata newConfig_) public onlyOwner {

Found in contracts/L1Sender.sol Line: 55

function setDepositTokenConfig(DepositTokenConfig calldata newConfig_) public onlyOwner {

Found in contracts/L1Sender.sol Line: 135

function _authorizeUpgrade(address) internal view override onlyOwner {}

Found in contracts/L2MessageReceiver.sol Line: 26

function setParams(address rewardToken_, Config calldata config_) external onlyOwner {

Found in contracts/L2MessageReceiver.sol Line: 108

function _authorizeUpgrade(address) internal view override onlyOwner {}

Found in contracts/L2TokenReceiver.sol Line: 41

function editParams(SwapParams memory newParams_) external onlyOwner {

Found in contracts/L2TokenReceiver.sol Line: 54

function swap(uint256 amountIn_, uint256 amountOutMinimum_) external onlyOwner returns (uint256) {

Found in contracts/L2TokenReceiver.sol Line: 81

) external onlyOwner returns (uint128 liquidity_, uint256 amount0_, uint256 amount1_) {

Found in contracts/L2TokenReceiver.sol Line: 131

function _authorizeUpgrade(address) internal view override onlyOwner {}

Found in contracts/MOR.sol Line: 10

contract MOR is IMOR, ERC20Capped, ERC20Burnable, Ownable {

Found in contracts/MOR.sol Line: 24

function mint(address account_, uint256 amount_) external onlyOwner {

Found in contracts/mock/tokens/StETHMock.sol Line: 7

contract StETHMock is ERC20, Ownable {

Found in contracts/mock/tokens/StETHMock.sol Line: 29

function setTotalPooledEther(uint256 _totalPooledEther) external onlyOwner {

Impact

If the owner account is compromised or behaves maliciously, it could lead to undesirable consequences, such as unauthorized pool creation or fund drainage.

Tools Used

Aderyn

Recommendations

Instead of relying solely on a single owner account, consider implementing a multi-signature scheme.
Require multiple authorized parties to collectively approve critical actions like creating a pool.
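The following is an added illustration of the recommended mitigation; it is not code from the MorpheusAI repository. It is a minimal M-of-N approval gate that would hold ownership of a contract such as Distribution, so that any onlyOwner action (createPool, editPool, an upgrade authorization) first needs `threshold` distinct signers to approve it. The contract name, the signer set and the IDistribution interface mentioned in the comments are assumptions for the example; a production deployment would normally hand ownership to an audited multisig and add a timelock rather than deploy a bespoke gate.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (hypothetical contract, not part of the audited code base):
/// an M-of-N approval gate meant to become the `owner` of Distribution,
/// L1Sender, L2MessageReceiver, L2TokenReceiver and MOR. Privileged calls are
/// queued, approved by distinct signers, and only then forwarded to the target.
contract MultiApprovalOwner {
    struct Proposal {
        address target;    // contract whose onlyOwner function is called
        bytes data;        // ABI-encoded call, e.g. createPool(pool)
        uint256 approvals; // distinct signer approvals so far
        bool executed;
    }

    address[] public signers;
    uint256 public immutable threshold;
    mapping(address => bool) public isSigner;
    Proposal[] public proposals;
    // proposal id => signer => has approved
    mapping(uint256 => mapping(address => bool)) public approved;

    event Proposed(uint256 indexed id, address indexed target, bytes data);
    event Approved(uint256 indexed id, address indexed signer, uint256 approvals);
    event Executed(uint256 indexed id, bool success);

    modifier onlySigner() {
        require(isSigner[msg.sender], "not a signer");
        _;
    }

    // Assumed deployment: `signers_` are the authorized parties, `threshold_`
    // the number of them (M of N) that must approve before execution.
    constructor(address[] memory signers_, uint256 threshold_) {
        require(threshold_ > 0 && threshold_ <= signers_.length, "bad threshold");
        for (uint256 i = 0; i < signers_.length; i++) {
            address s = signers_[i];
            require(s != address(0) && !isSigner[s], "bad signer");
            isSigner[s] = true;
            signers.push(s);
        }
        threshold = threshold_;
    }

    /// Queue a privileged call. For the Distribution contract the payload
    /// would be abi.encodeCall(IDistribution.createPool, (pool)), assuming an
    /// IDistribution interface that declares createPool. The proposer's own
    /// approval is recorded immediately.
    function propose(address target_, bytes calldata data_) external onlySigner returns (uint256 id) {
        require(target_ != address(0), "bad target");
        id = proposals.length;
        proposals.push();
        Proposal storage p = proposals[id];
        p.target = target_;
        p.data = data_;
        emit Proposed(id, target_, data_);
        _approve(id);
    }

    function approve(uint256 id_) external onlySigner {
        _approve(id_);
    }

    /// Anyone may execute once the threshold is met. The call originates from
    /// this contract, so the target's onlyOwner check sees the gate, not a
    /// single EOA, as msg.sender.
    function execute(uint256 id_) external returns (bytes memory result) {
        require(id_ < proposals.length, "no such proposal");
        Proposal storage p = proposals[id_];
        require(!p.executed, "already executed");
        require(p.approvals >= threshold, "insufficient approvals");
        p.executed = true; // effects before the external interaction
        (bool ok, bytes memory ret) = p.target.call(p.data);
        emit Executed(id_, ok);
        require(ok, "call failed");
        return ret;
    }

    function _approve(uint256 id_) internal {
        require(id_ < proposals.length, "no such proposal");
        Proposal storage p = proposals[id_];
        require(!p.executed, "already executed");
        require(!approved[id_][msg.sender], "already approved");
        approved[id_][msg.sender] = true;
        p.approvals += 1;
        emit Approved(id_, msg.sender, p.approvals);
    }
}
```

To put it in front of the findings above, the current owner would call `transferOwnership(address(gate))` on each contract (OwnableUpgradeable, which the `_authorizeUpgrade` overrides imply, exposes that function). From then on a compromised or malicious single key can at most propose or approve; it cannot create pools, change token configs, swap, mint MOR or authorize an upgrade on its own, which is the impact described in this submission.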

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
