NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Single-step ownership transfer mechanism by `Ownable`

Vulnerability Details

The contracts that the Bridge inherits from implement single-step ownership transfer. This is not ideal for a protocol, because it can leave the contract without an owner if ownership is transferred to a wrong address.

UUPSProxied.sol#L14

contract UUPSOwnableProxied is Ownable, UUPSUpgradeable {

State.sol#L13

contract StarklaneState is Ownable {

Single-step ownership transfer is dangerous: if the transfer is made to an incorrect address, the contract is left with no owner and the role is lost forever.

This would make the contract non-upgradable, since the owner is the only account that can upgrade the implementation of the Bridge.

NOTE: there is more than one Ownable contract in the inheritance chain, but this does not create more than one owner for the contract; thanks to the C3 linearization algorithm, there is only one owner for the Bridge contract.

Recommendations

Use Ownable2Step instead of Ownable from OpenZeppelin.
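The following is an added example (not Starklane/NFTBridge code) that puts the current inheritance pattern next to the recommended one. It assumes OpenZeppelin Contracts v5.x, where `Ownable2Step` inherits `Ownable` and `Ownable` takes the initial owner in its constructor; the contract names are made up for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code. Assumes OpenZeppelin Contracts v5.x.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";

/// Before (mirrors `contract UUPSOwnableProxied is Ownable, UUPSUpgradeable`):
/// transferOwnership(newOwner) assigns the role immediately. If newOwner is a
/// mistyped or otherwise uncontrolled address, nobody can satisfy onlyOwner
/// again, so _authorizeUpgrade can never pass and the proxy is frozen.
contract UUPSOwnableProxiedBefore is Ownable, UUPSUpgradeable {
    constructor(address initialOwner) Ownable(initialOwner) {}

    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
}

/// After: Ownable2Step. transferOwnership(newOwner) only records a pending owner;
/// the role moves when newOwner itself calls acceptOwnership(). An address that
/// cannot sign transactions never accepts, and the current owner keeps control
/// (and can overwrite the pending owner with another transferOwnership call).
contract UUPSOwnableProxiedAfter is Ownable2Step, UUPSUpgradeable {
    constructor(address initialOwner) Ownable(initialOwner) {}

    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
}
```

Two caveats worth checking during the fix: `renounceOwnership()` is still a single step in `Ownable2Step`, so it should be disabled or guarded separately if ownership must never be dropped, and an implementation that runs behind a proxy would normally use the `Ownable2StepUpgradeable` variant with an initializer rather than a constructor.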

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
