Lack of ownership transfer for deployed ERC721 bridgeable contracts on L2
Summary
The current architecture does not allow L1 collection owners to claim ownership of the automatically deployed L2 collections, limiting their control and leading to centralization issues.
Vulnerability Details
When bridging an NFT collection for the first time, a new ERC721 contract is deployed on L2.
The ownership of this L2 contract is not transferred to the L1 collection owner.
L1 collection owners have no control over their corresponding L2 collections.
Impact
L1 collection owners cannot manage or upgrade their L2 collections.
Tools Used
Manual review
Recommendations
Implement an ownership transfer mechanism for L2 deployed collections.
Allow L1 collection owners to claim ownership of their corresponding L2 collections.
Lead Judging Commences
finding-no-transferOwnership-or-upgrade-for-collections-in-CollectionManager
Likelyhood/Impact: High, it will never (until an upgrade) be able to update or transfer the ownership of any collections created on L1.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.