DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Single step ownership transfers are risky

Summary

The AuctionFactory, FjordPoints, and FjordStaking contracts manage ownership through a single-step ownership transfer function. Because these contracts are non-upgradeable, a single-step ownership transfer introduces significant risk if an error occurs or if malicious actions are taken.

Vulnerability Details

The contracts mentioned above contain a single-step function, setOwner, for transferring ownership:

    function setOwner(address _newOwner) external onlyOwner {
        if (_newOwner == address(0)) revert InvalidAddress();
        // Takes effect immediately; the new address never confirms the change.
        owner = _newOwner;
    }

The current implementation allows ownership to be transferred in one step. If the function is called with an incorrect address, there is no way to revert the transfer once executed.

Impact

Mistakes in transferring ownership cannot be easily corrected, as there is no mechanism to revert the change or undo an incorrect ownership transfer.

Tools Used

Manual review.

Recommendations

Implement a two-step ownership transfer process. Requiring the new owner to confirm the change adds a layer of security, preventing accidental or unauthorized transfers.
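
A two-step version of the setOwner function quoted above, as an added example that is not code from the audited contracts or from the submission. The names setOwner, owner and InvalidAddress come from the finding; pendingOwner, acceptOwnership, the events and the CallerNot* errors are hypothetical names chosen for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of a two-step ownership handover.
/// pendingOwner, acceptOwnership, the events and the CallerNot* errors are
/// hypothetical; setOwner, owner and InvalidAddress come from the finding.
contract TwoStepOwned {
    address public owner;
    address public pendingOwner;

    error InvalidAddress();
    error CallerNotOwner();
    error CallerNotPendingOwner();

    event OwnershipTransferStarted(address indexed currentOwner, address indexed nominee);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() {
        if (msg.sender != owner) revert CallerNotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    /// Step 1: the owner nominates a successor. `owner` is unchanged, so a
    /// mistyped address can be corrected by calling setOwner again.
    function setOwner(address _newOwner) external onlyOwner {
        if (_newOwner == address(0)) revert InvalidAddress();
        pendingOwner = _newOwner;
        emit OwnershipTransferStarted(owner, _newOwner);
    }

    /// Step 2: the nominee proves it controls its key by calling this itself.
    /// An address nobody controls can never complete the transfer.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert CallerNotPendingOwner();
        address previousOwner = owner;
        owner = msg.sender;
        delete pendingOwner; // clear the nomination so it cannot be reused
        emit OwnershipTransferred(previousOwner, msg.sender);
    }
}
```

OpenZeppelin's Ownable2Step contract follows the same propose-then-accept pattern and can be inherited instead of hand-rolling it.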

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
