DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Critical privileges are transferred in one step instead of two

Summary

The finding concerns the protocol's critical privilege management: ownership can be transferred in a single step. FjordStaking.sol::setOwner, FjordPoints.sol::setOwner and FjordAuctionFactory.sol::setOwner each let the current owner hand over ownership in one call, with no confirmation from the receiving address. This exposes the protocol to input mistakes and to clipboard replacement attacks, either of which could leave the owner role with an address that is unreachable or attacker-controlled and render the protocol unusable.

Vulnerability Details

Currently, the owner of the protocol can transfer ownership and the associated privileges in a one-step process using the setOwner functions. The new address becomes owner in the same transaction, and nothing requires it to prove that it can sign before the previous owner loses the role. Since ownership carries every privileged operation of the protocol, an accidental or malicious transfer is both final and unrecoverable from within the contract.

Impact

Critical owner privileges could be transferred to an incorrect address, e.g. if

  • the owner mistakenly inputs an incorrect address, in which case the owner-gated functions become permanently unreachable;

  • the protocol becomes the victim of a clipboard replacement attack: the protocol owner copies the address that ownership is supposed to be transferred to, but malware replaces the address on the clipboard with a different, attacker-controlled address that the owner ends up pasting when preparing the call to one of the setOwner functions.

With the ownership privileges transferred to an incorrect account, the whole protocol is compromised or unusable, depending on who, if anyone, controls that account.

Tools Used

Manual review

Recommendations

Instead of allowing ownership transfers in one step, implement a mechanism where the new owner must accept the transfer from its own key. This reduces the risk of erroneous or malicious ownership transfers: a mistyped or otherwise uncontrolled address can never accept, so the current owner keeps the role and can simply nominate again. Ownable2Step from OpenZeppelin is a good solution. Note that against a clipboard swap to an address the attacker does control, the two-step flow only helps if the owner verifies the pending address before the nominee can accept; an attacker watching the chain can otherwise accept immediately, so combine it with out-of-band verification of the nominated address or a delay before acceptance.
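The one-step pattern described in Vulnerability Details beside the two-step pattern recommended here, as an added Solidity example. This is not the Fjord contracts' code (the page names the three setOwner functions but does not show their bodies, so OneStepOwned is an assumed minimal shape of such a setter), and it is not OpenZeppelin's Ownable2Step itself: TwoStepOwned writes out the same nominate/accept flow so the check is visible, and adds an acceptance delay (ACCEPT_DELAY, an assumed value) that Ownable2Step does not have.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative code added for this finding, not the Fjord contracts' code.
// OneStepOwned is an assumed minimal one-step setter; TwoStepOwned is the
// proposed fix, with an acceptance delay that goes beyond Ownable2Step.

/// The pattern the finding flags: one call, immediately final.
contract OneStepOwned {
    address public owner;

    event OwnerSet(address indexed previousOwner, address indexed newOwner);

    error NotOwner();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Whatever address arrives here becomes owner in this transaction.
    /// A typo, or a clipboard swap by malware on the operator's machine,
    /// cannot be undone: the caller loses `onlyOwner` as soon as this
    /// function returns, and nothing checks that `newOwner` can sign.
    function setOwner(address newOwner) external onlyOwner {
        emit OwnerSet(owner, newOwner);
        owner = newOwner;
    }
}

/// Two-step transfer with an acceptance delay. Steps 1 and 2 mirror
/// OpenZeppelin's Ownable2Step (transferOwnership / acceptOwnership);
/// the delay is an addition of this example, not part of Ownable2Step.
contract TwoStepOwned {
    /// Assumed value for the example; pick one the operations team can
    /// actually use to review a pending transfer before it can land.
    uint256 public constant ACCEPT_DELAY = 1 days;

    address public owner;
    address public pendingOwner;
    uint256 public nominatedAt;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner();
    error NotPendingOwner();
    error DelayNotElapsed(uint256 acceptableAt);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Step 1: nominate. `owner` is unchanged, so a wrong address here is
    /// recoverable: the current owner keeps `onlyOwner` and can nominate
    /// again, or cancel by nominating address(0).
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
        nominatedAt = block.timestamp;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    /// Step 2: only the nominee can finish, by calling from its own key.
    /// A mistyped address that nobody controls can never accept, so the
    /// protocol is not bricked. The delay gives the operator a window to
    /// read `pendingOwner()` from a second device and cancel if malware
    /// swapped the address on the clipboard; without the delay an attacker
    /// who controls the swapped address could accept in the next block.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        uint256 acceptableAt = nominatedAt + ACCEPT_DELAY;
        if (block.timestamp < acceptableAt) revert DelayNotElapsed(acceptableAt);
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        delete pendingOwner;
        delete nominatedAt;
    }
}
```

Deploy TwoStepOwned, call transferOwnership from the owner, then try acceptOwnership from a third account and from the nominee before the delay: both revert, and owner() is unchanged throughout, which is exactly what OneStepOwned.setOwner cannot offer. If a plain Ownable2Step is preferred, drop nominatedAt and the delay check; the nominee check alone still covers the typo and unreachable-address cases.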

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
