DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

Single-step ownership transfer can be dangerous

Summary

With single-step ownership transfer, passing a wrong address when transferring ownership or admin rights can mean that the role is lost forever.
If the admin permissions are given to the wrong address through this function, the damage to the contract is irreparable.

Vulnerability Details

The AccountNFT contract currently inherits from the Ownable contract, which implements a single-step ownership transfer process.

    contract AccountNFT is ERC721Enumerable, Ownable {
        using SafeCast for uint256;

        constructor(string memory name, string memory symbol, address owner) ERC721(name, symbol) Ownable(owner) { }

        // Owner-gated: whoever holds ownership controls minting.
        function mint(address to, uint256 tokenId) external onlyOwner {
            // intentionally not using _safeMint
            _mint(to, tokenId);
        }
    }

It is recommended to use the Ownable2Step contract instead, as it provides a two-step ownership transfer process.
This two-step process enhances security by requiring the new owner to explicitly accept ownership, reducing the risk of accidental or unauthorized transfers.

Impact

A single-step transfer of ownership can potentially result in the loss of ownership.

Tools Used

VS Code

Recommendations

It is recommended to use the Ownable2Step contract instead.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
