To enable transferring ownership in case the owner wallet is compromised, the KittyConnect::i_kittyConnectOwner variable should not be immutable. Furthermore, the project should use OpenZeppelin's Ownable contract to rely on battle-tested ownership-transfer functionality.
Since KittyConnect::i_kittyConnectOwner is immutable, it cannot be changed. If this address is compromised, there is no recovery plan that can successfully transfer ownership to another, uncompromised address.
If the owner wallet is compromised, the attacker will be able to add any shop as a partner and may add non-compliant and untrusted shops.
Manual review
The project should use OpenZeppelin's Ownable contract to rely on battle-tested ownership-transfer functionality.
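The recommendation, sketched as an added example that is not the project's own code: the immutable-owner pattern beside an Ownable-based version. It assumes OpenZeppelin Contracts v5.x; the contract names, the addShop function and the s_isPartnerShop mapping are hypothetical stand-ins for the "add shop as partner" action described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5.x, where Ownable's constructor
// takes the initial owner as an argument.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Before (sketch): the owner is fixed at deployment and can never be rotated.
contract KittyConnectImmutableOwner {
    address private immutable i_kittyConnectOwner;
    mapping(address => bool) private s_isPartnerShop; // hypothetical storage

    constructor() {
        i_kittyConnectOwner = msg.sender;
    }

    // Hypothetical name for the owner-only "add shop as partner" action.
    function addShop(address shop) external {
        require(msg.sender == i_kittyConnectOwner, "not owner");
        s_isPartnerShop[shop] = true;
    }
}

/// After (sketch): ownership lives in Ownable storage and can be moved
/// to a new address by the current owner.
contract KittyConnectOwnable is Ownable {
    mapping(address => bool) private s_isPartnerShop; // hypothetical storage

    constructor() Ownable(msg.sender) {}

    // onlyOwner replaces the hand-written owner check.
    function addShop(address shop) external onlyOwner {
        s_isPartnerShop[shop] = true;
    }

    // Inherited from Ownable, no extra code needed:
    //   owner()                              current owner address
    //   transferOwnership(address newOwner)  onlyOwner, reverts on address(0)
    //   renounceOwnership()                  onlyOwner, leaves no owner at all
}
```

transferOwnership is itself restricted to the current owner, so rotation has to be performed while the current owner key can still sign. OpenZeppelin's Ownable2Step adds an acceptOwnership step so ownership cannot be handed to an address that is unable to accept it.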