TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Use Ownable2Step instead of the Ownable library.

Summary

TempleGold uses OpenZeppelin's Ownable library, whose single-step transferOwnership could leave the wrong address as the owner of the TempleGold contract.

Vulnerability Details

Workflow of the TempleGold contract ownership process:

  1. TempleGoldAdmin is deployed by the DAO deployer.

  2. After deployment (and after the required init functions are called), the rescuer and executor on it are set to two separate DAO multi-sigs.

  3. TempleGold is deployed by the DAO deployer.

  4. After deployment and init, templeGold.transferOwnership(address(templeGoldAdmin)); is called to transfer ownership of TempleGold to TempleGoldAdmin.

To transfer ownership, TempleGold relies on OpenZeppelin's Ownable library.

Using the Ownable.sol contract with its onlyOwner modifier is one of the most common patterns in Solidity. The biggest shortcoming of the OpenZeppelin Ownable implementation is that transferOwnership completes in a single call: it rejects only the zero address, so a mistyped address, an address nobody holds the key for, or a contract that has no way to act as owner is accepted immediately and the previous owner loses control in the same transaction. Ownable2Step is safer because transferOwnership only records a pending owner; the transfer completes when the new owner calls acceptOwnership, and until then the current owner keeps control and can redirect or cancel the transfer. OpenZeppelin ships Ownable2Step in the same access package as Ownable.
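The following Foundry test is an added example illustrating the two behaviours described above; it is not TempleGold's code and the OneStepToken/TwoStepToken contracts are stand-ins for the real TempleGold contract. It assumes OpenZeppelin Contracts v5 installed and remapped as @openzeppelin/contracts/, and forge-std for the Test base; the deployer, templeGoldAdmin and "mistyped" addresses are constructed with makeAddr.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not TempleGold's code. Assumes OpenZeppelin Contracts v5
// (remapped as @openzeppelin/contracts/) and forge-std are installed.
import {Test} from "forge-std/Test.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

/// Stand-in for a contract whose privileged functions are gated by onlyOwner.
contract OneStepToken is Ownable {
    constructor(address initialOwner) Ownable(initialOwner) {}
    function mint() external onlyOwner {}
}

/// Same stand-in, but with the two-step transfer.
contract TwoStepToken is Ownable2Step {
    constructor(address initialOwner) Ownable(initialOwner) {}
    function mint() external onlyOwner {}
}

contract OwnershipTransferTest is Test {
    address deployer = makeAddr("deployer");
    address admin = makeAddr("templeGoldAdmin");
    // Constructed: stands in for a mistyped address that nobody controls.
    address typo = makeAddr("mistyped");

    function test_OneStepTransferToWrongAddressIsFinal() public {
        OneStepToken t = new OneStepToken(deployer);

        vm.prank(deployer);
        t.transferOwnership(typo); // completes in this single call
        assertEq(t.owner(), typo);

        // The deployer has lost control; only `typo` could transfer it back.
        vm.prank(deployer);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, deployer)
        );
        t.mint();
    }

    function test_TwoStepTransferIsOnlyPendingUntilAccepted() public {
        TwoStepToken t = new TwoStepToken(deployer);

        vm.prank(deployer);
        t.transferOwnership(typo); // only records a pending owner
        assertEq(t.owner(), deployer);
        assertEq(t.pendingOwner(), typo);

        // The deployer still owns the contract and can redirect the transfer.
        vm.prank(deployer);
        t.transferOwnership(admin);
        assertEq(t.pendingOwner(), admin);

        // Only the pending owner may accept; the stale address is rejected.
        vm.prank(typo);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, typo)
        );
        t.acceptOwnership();

        vm.prank(admin);
        t.acceptOwnership();
        assertEq(t.owner(), admin);
        assertEq(t.pendingOwner(), address(0));
    }
}
```

Run with forge test. Note that in the TempleGold workflow the new owner is the TempleGoldAdmin contract, not an EOA, so switching to Ownable2Step only helps if TempleGoldAdmin exposes a function (callable by its executor) that calls acceptOwnership on TempleGold.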

Impact

Ownership could be transferred to the wrong address in a single call. Because transferOwnership is onlyOwner, nobody except that wrong address can move it again, so a mistyped or unreachable target permanently locks every onlyOwner function of TempleGold.

Tools Used

Manual Review

Recommendations

Replace Ownable with Ownable2Step so that the transfer to TempleGoldAdmin only completes once the new owner calls acceptOwnership. Since TempleGoldAdmin is a contract, it must provide an executor-callable function that performs that acceptOwnership call; otherwise the pending transfer can never be completed.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
