DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Use two step ownership transfer

Two-Step Ownership Transfer

Two-step ownership transfer prevents the contract ownership from mistakenly being transferred to an address that cannot handle it (e.g., due to a typo in the address) by requiring that the recipient of the owner's permissions actively accept via a contract call of its own.

Current Implementation (One-Step Ownership Transfer)

In FjordAuctionFactory.sol, the ownership is transferred in one step:

function setOwner(address _newOwner) external onlyOwner {
    if (_newOwner == address(0)) revert InvalidAddress();
    owner = _newOwner;
}

Recommended Implementation (Two-Step Ownership Transfer)

Use the following two-step ownership transfer approach instead:

+ address private _pendingOwner;
<...>
function setOwner(address _newOwner) external onlyOwner {
if (_newOwner == address(0)) revert InvalidAddress();
- owner = _newOwner;
+ _pendingOwner = _newOwner;
}
+ function acceptOwnership() public {
+ address sender = msg.sender;
+ require(pendingOwner() == sender, "MultisigOwnable: caller is not the new real owner");
+ realOwner = sender;
+ delete _pendingOwner;
+ }
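Review bot: In acceptOwnership(), the line "realOwner = sender;" writes to a variable that none of the visible lines declare, while setOwner() and its removed line assign owner, so as written the accept step does not update the variable the one-step version used. The require also calls pendingOwner(), but the hunk only adds the private _pendingOwner variable and no getter. Suggest comparing msg.sender against _pendingOwner directly and assigning owner = msg.sender before "delete _pendingOwner;". The revert string names MultisigOwnable rather than this contract; a custom error in the style of InvalidAddress() would match the existing code, and the function can be external like setOwner().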
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
