First Flight #12: Kitty Connect

Beginner Friendly, Foundry, NFT, GameFi
Submission Details
Severity: low
Invalid

Use `onlyOwner` from OpenZeppelin instead of `onlyKittyConnectOwner` modifier

Summary

The KittyConnect contract uses a custom `onlyKittyConnectOwner` modifier instead of `onlyOwner` from OpenZeppelin. This could lead to vulnerabilities if the custom modifier is not implemented correctly.

Vulnerability Details

The `onlyOwner` modifier from OpenZeppelin enforces that only the contract owner can execute the function. A custom modifier like `onlyKittyConnectOwner` likely tries to accomplish the same goal, but may be vulnerable.

Since `onlyOwner` is well-tested and audited, a custom modifier likely introduces more risk.

Impact

If `onlyKittyConnectOwner` is poorly implemented, it could allow unauthorized accounts to execute privileged functions.
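
One way to check this concern rather than assume it, as an added Foundry test that is not part of the original submission or the KittyConnect code base. `ShopRegistry`, its `owner_` field, the `isShop` mapping and the modifier body are constructed stand-ins, because the page does not show the real modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Constructed stand-in for the contract under review (hypothetical body).
contract ShopRegistry {
    address private immutable owner_;
    mapping(address => bool) public isShop;

    // Assumed shape of the custom modifier; swap in the real contract to test it.
    modifier onlyKittyConnectOwner() {
        require(msg.sender == owner_, "not owner");
        _;
    }

    constructor() {
        owner_ = msg.sender;
    }

    function addShop(address shopAddress) external onlyKittyConnectOwner {
        isShop[shopAddress] = true;
    }
}

contract AddShopAccessTest is Test {
    ShopRegistry registry;
    address owner = makeAddr("owner");

    function setUp() public {
        vm.prank(owner); // deploy as the owner account
        registry = new ShopRegistry();
    }

    // Fuzz over callers: every address other than the owner must be rejected.
    function testFuzz_nonOwnerCannotAddShop(address caller, address shop) public {
        vm.assume(caller != owner);
        vm.prank(caller);
        vm.expectRevert();
        registry.addShop(shop);
        assertFalse(registry.isShop(shop)); // state unchanged after the revert
    }

    // The privileged path must still work for the owner.
    function test_ownerCanAddShop() public {
        vm.prank(owner);
        registry.addShop(address(0xBEEF));
        assertTrue(registry.isShop(address(0xBEEF)));
    }
}
```

The same two tests apply unchanged after a switch to `onlyOwner`, which makes them a regression check for either access-control choice.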

Tools Used

Manual Review

Recommendations

Use `onlyOwner` from OpenZeppelin for clear and standardized access control.

Import `Ownable` from the OpenZeppelin library:

+ import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

Add the inheritance to the contract:

contract KittyConnect is ERC721, Ownable {

Use the `onlyOwner` modifier instead of `onlyKittyConnectOwner` in the `KittyConnect::addShop` function:

- function addShop(address shopAddress) external onlyKittyConnectOwner {
+ function addShop(address shopAddress) external onlyOwner{
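
Review bot: the new `addShop` line relies on `onlyOwner`, but the steps shown only add the import and the `Ownable` base; nothing sets the owner. In OpenZeppelin Contracts 5.x the `Ownable` constructor takes the initial owner as an argument, so the `KittyConnect` constructor would also need `Ownable(msg.sender)` (4.x assigns the deployer automatically). The now-unused `onlyKittyConnectOwner` modifier should be deleted in the same change so that only one ownership check remains, and the added line should read `onlyOwner {` with a space before the brace.
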
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
