NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Lack of Two-Step Ownership Transfer Process

Summary

The FjordAuctionFactory contract transfers ownership by direct assignment: a single call moves ownership to a new address. While this method is simple, it lacks the safeguards that a two-step ownership transfer process offers. Implementing a two-step ownership transfer process can help prevent accidental or malicious transfers of ownership, enhancing the contract's overall security.

Vulnerability Details

    function transferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert InvalidZeroAddress();
        // Ownership changes in this single assignment; the new address never confirms it.
        owner = newOwner;
    }

Impact

Accidental Ownership Transfer: The current owner might accidentally transfer ownership to an incorrect address due to a typo or error in input. Once ownership is transferred, it cannot be reverted, potentially leading to loss of control over the contract.

Tools Used

Manual

Recommendations

  • Introduce a Pending Owner State: Add a new state variable pendingOwner to temporarily hold the new owner's address.

  • Modify transferOwnership to Use Two Steps: Change the transferOwnership function to set the pendingOwner instead of directly changing ownership.

  • Add a claimOwnership Function: This function allows the pendingOwner to claim ownership, finalising the transfer.
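
The three recommendations above combined in one contract, as an added example that is not FjordAuctionFactory's own code. The contract name, the NotOwner and NotPendingOwner errors, the events and the body of onlyOwner are hypothetical and introduced only for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only transferOwnership, owner, onlyOwner and
// InvalidZeroAddress are named in the finding; everything else here
// (contract name, other errors, events) is hypothetical.
contract TwoStepOwnedExample {
    address public owner;
    address public pendingOwner;

    error InvalidZeroAddress();
    error NotOwner();
    error NotPendingOwner();

    event OwnershipTransferStarted(address indexed currentOwner, address indexed nominee);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Step 1: the owner only nominates a successor; `owner` is unchanged.
    // Calling this again overwrites a mistyped nomination.
    function transferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert InvalidZeroAddress();
        pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    // Step 2: ownership moves only when the nominated address itself calls,
    // which shows that someone controls the key for that address.
    function claimOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        address previousOwner = owner;
        owner = msg.sender;
        pendingOwner = address(0); // clear so the claim cannot be replayed
        emit OwnershipTransferred(previousOwner, msg.sender);
    }
}
```

With this shape, a nomination sent to a mistyped address leaves the current owner in control, because no one can call claimOwnership from that address and the owner can nominate again.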

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Other
