Use a two-step admin change pattern to prevent accidental loss of admin status, whether by transferring to a wrong address or by accidentally renouncing admin status.
The current admin transfer process involves the current admin calling the transferAdmin function.
This function doesn't check that the new admin is not the zero address, and proceeds to write the new admin's address into the admin state variable. If newAdmin is not a valid account, or is a wrong address, the admin status is transferred to an uncontrolled, potentially malicious account, breaking all admin-protected functions.
The error-prone function can lead to loss of admin status.
Manual Review
Consider implementing a two-step process where the current admin nominates an account and the nominated account needs to call an accept function for the transfer of admin status to fully succeed.
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity