When transferring ownership, the Adminable contract should use a two-step process in which the admin transfers the ownership and the new owner then has to accept the admin role. This prevents transferring admin to a wrong or inactive address.
The admin role can be transferred to an inactive address, making all function calls with the onlyAdmin modifier uncallable.
The impact of the vulnerability is that the admin role can be transferred to an inactive address, preventing the protocol from using the functions with the onlyAdmin modifier.
Manual Audit
Use a two-step admin transfer to change the admin.
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity