MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Invalid

Not using Ownable2StepUpgradeable

Summary

The Ownable contracts used perform a single-step change of ownership.

Vulnerability Details

Distribution.sol inherits single-step OwnableUpgradeable
https://github.com/Cyfrin/2024-01-Morpheus/blob/07c900d22073911afa23b7fa69a4249ab5b713c8/contracts/Distribution.sol#L6

L1Sender.sol inherits single-step OwnableUpgradeable
https://github.com/Cyfrin/2024-01-Morpheus/blob/07c900d22073911afa23b7fa69a4249ab5b713c8/contracts/L1Sender.sol#L11

L2MessageReceiver.sol inherits single-step OwnableUpgradeable
https://github.com/Cyfrin/2024-01-Morpheus/blob/07c900d22073911afa23b7fa69a4249ab5b713c8/contracts/L2MessageReceiver.sol#L5

L2TokenReceiver.sol inherits single-step OwnableUpgradeable
https://github.com/Cyfrin/2024-01-Morpheus/blob/07c900d22073911afa23b7fa69a4249ab5b713c8/contracts/L2TokenReceiver.sol#L4

Impact

A single-step ownership change can lead to loss of ownership over the contracts if the wrong address is passed, if an address whose keys are not controlled is passed, or if an address that is no longer under control is used. It is now best practice to always use Ownable2Step, in this case Ownable2StepUpgradeable, which allows ownership to be safely transferred and claimed in 2 steps. Not doing this can lead to loss of the ability to perform admin and access-controlled onlyOwner functionality such as setter functions, funds, user management, configuration, etc.
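The difference between the two patterns, as an added example that is not part of the original submission or the Morpheus code base. It is a simplified sketch with hypothetical contract names, not OpenZeppelin's implementation:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified sketch of the two patterns (hypothetical names; not OpenZeppelin's code).

contract SingleStepOwned {
    address public owner = msg.sender;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Ownership moves immediately. If newOwner is mistyped or its keys are
    // not controlled, no onlyOwner call can ever succeed again.
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero address");
        owner = newOwner;
    }
}

contract TwoStepOwned {
    address public owner = msg.sender;
    address public pendingOwner;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Step 1: only nominates. The current owner keeps control and can
    // overwrite a wrong nomination by calling this again.
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
    }

    // Step 2: the nominee must send a transaction, which proves the
    // address is live and its keys are controlled.
    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "not pending owner");
        owner = pendingOwner;
        delete pendingOwner;
    }
}
```

In `TwoStepOwned`, a nomination sent to a wrong address has no effect until that address calls `acceptOwnership()`, so the owner can correct it; in `SingleStepOwned` the same mistake is final.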

Tools Used

Manual Analysis

Recommendations

Use Ownable2StepUpgradeable instead:

import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
