First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: medium
Invalid

Lack of Ownership Transfer Mechanism for KittyCoin.sol

Relevant GitHub Links

https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyCoin.sol#L17-L19

Summary

The KittyCoin contract lacks a mechanism to transfer ownership, creating issues in contract upgrades or maintenance.

Vulnerability Details

The KittyCoin contract's constructor sets the pool address during deployment without providing any way to change it later. This design flaw makes the system rigid and problematic when the KittyPool contract needs to be upgraded or replaced.

constructor(address _pool) ERC20("Kitty Token", "MEOWDY") {
    pool = _pool;
}

Because the constructor is the only place the pool address is assigned, minting/burning rights stay with the original pool. If the KittyPool contract is upgraded or replaced, there is no way to transfer those rights to the new contract, creating a maintenance issue.

Impact

Without a way to transfer ownership or reassign the pool address, the system may require a complete redeployment of contracts, leading to operational issues and potential disruption of services.

Tools Used

Manual

Recommendations

Implement a function to transfer ownership or reassign the pool address in KittyCoin to allow for flexibility in contract upgrades and maintenance.
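
One way the recommended reassignment could look, as an added sketch that is not the KittyFi code: `admin`, `setPool`, `PoolUpdated`, the error names and the `mint`/`burn` signatures are assumptions. Whoever holds `admin` can redirect minting rights, so the sketch assumes that address is a multisig or timelock.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Added illustration, not the project's contract. All names other than
// `pool`, the token name and the token symbol are hypothetical.
contract KittyCoinReassignable is ERC20 {
    error OnlyPool();
    error OnlyAdmin();
    error ZeroAddress();

    // Emitted on every reassignment so monitoring can alert on it.
    event PoolUpdated(address indexed previousPool, address indexed newPool);

    address public pool;
    address public immutable admin; // assumption: multisig or timelock

    modifier onlyPool() {
        if (msg.sender != pool) revert OnlyPool();
        _;
    }

    constructor(address _pool, address _admin) ERC20("Kitty Token", "MEOWDY") {
        if (_pool == address(0) || _admin == address(0)) revert ZeroAddress();
        pool = _pool;
        admin = _admin;
    }

    // Moves mint/burn rights to a replacement pool contract.
    // The old pool loses access in the same transaction.
    function setPool(address newPool) external {
        if (msg.sender != admin) revert OnlyAdmin();
        if (newPool == address(0)) revert ZeroAddress();
        emit PoolUpdated(pool, newPool);
        pool = newPool;
    }

    function mint(address to, uint256 amount) external onlyPool {
        _mint(to, amount);
    }

    function burn(address from, uint256 amount) external onlyPool {
        _burn(from, amount);
    }
}
```

The setter trades the rigidity described above for a privileged role: a fixed pool address cannot be redirected by anyone, while a reassignable one is only as safe as the `admin` key.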

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
