TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Invalid

Ownership Renouncement While Contract Paused

File Location: protocol/contracts/templegold/TempleGoldStaking.sol#L291-L293

Vulnerability Details

The contract owner is not prevented from renouncing the ownership while the contract is paused, which would cause any user assets stored in the protocol to be locked indefinitely.

Impact

  • Locked Assets

  • Operational Disruption

  • Loss of Trust

Tools Used

  • Manual inspection

  • Solidity

Recommendations

To fix the issue where the contract owner could relinquish ownership while the contract was paused, we had to modify the ‘renounceOwnership’ function so that it could not be called while the contract was paused.

Code snippet:

L291-L293

function pause() external override onlyElevatedAccess {
    _pause();
}

Add the modifier ‘whenNotPaused’ in the ‘TempleGoldStaking.sol’ file:

modifier whenNotPaused() {
    require(!paused(), "Pausable: paused");
    _;
}

Use this modifier in the ‘renounceOwnership’ function:

function renounceOwnership() public override onlyOwner whenNotPaused {
    // Ownable exposes no _renounceOwnership(); delegate to the parent implementation.
    super.renounceOwnership();
}

Implemented fix code:

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/security/Pausable.sol";

contract TempleGoldStaking is Ownable, Pausable {
    // Other functions and state variables...

    function pause() external onlyOwner {
        _pause();
    }

    function unpause() external onlyOwner {
        _unpause();
    }

    // whenNotPaused is inherited from Pausable; redeclaring it here would not compile.

    // Ownership can only be renounced while the contract is not paused.
    function renounceOwnership() public override onlyOwner whenNotPaused {
        // Ownable exposes no _renounceOwnership(); delegate to the parent implementation.
        super.renounceOwnership();
    }

    // Other functions and state variables...
}

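A Foundry test that exercises the guard recommended above, added here as an example; it is not part of the submission or of the TempleDAO code base. `GuardedStaking`, its `stake`/`withdraw` functions and the test names are hypothetical, and the code assumes OpenZeppelin 4.x (the `security/Pausable.sol` path and the "Pausable: paused" revert string) together with forge-std.

```solidity
pragma solidity ^0.8.0;
import {Test} from "forge-std/Test.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Pausable} from "@openzeppelin/contracts/security/Pausable.sol";

// Hypothetical stand-in built from the sketch in the submission, not the real TempleGoldStaking.
contract GuardedStaking is Ownable, Pausable {
    mapping(address => uint256) public staked;
    function stake() external payable whenNotPaused {
        staked[msg.sender] += msg.value;
    }

    // Assumption: exits are blocked while paused, which is what makes a stuck pause costly.
    function withdraw() external whenNotPaused {
        uint256 amount = staked[msg.sender];
        staked[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    // Guard from the recommendation: ownership cannot be dropped while paused.
    function renounceOwnership() public override onlyOwner whenNotPaused {
        super.renounceOwnership();
    }
}

contract GuardedStakingTest is Test {
    GuardedStaking staking;
    address user = address(0xBEEF); // constructed test account

    function setUp() public {
        staking = new GuardedStaking(); // this test contract becomes the owner
        vm.deal(user, 1 ether);
        vm.prank(user);
        staking.stake{value: 1 ether}();
    }

    function test_RenounceRevertsWhilePaused() public {
        staking.pause();
        vm.expectRevert("Pausable: paused");
        staking.renounceOwnership();
        // The owner is still set, so the pause can be lifted and the user can exit.
        assertEq(staking.owner(), address(this));
        staking.unpause();
        vm.prank(user);
        staking.withdraw();
        assertEq(user.balance, 1 ether);
    }
}
```
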
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
