The changeOwner function in the MysteryBox contract does not implement any access control, which poses a significant security risk: any user can become the owner of the contract, leading to unauthorized control over it and over any owner-restricted actions.
The changeOwner function is meant to let the current owner transfer ownership of the contract to a new address. The vulnerability lies in the absence of a check that msg.sender is the current owner. As a result, any address can call this function and change the owner without restriction.
This design flaw means that an unauthorized caller can set the owner to their own address, which compromises the integrity of the contract.
Because anyone can become the owner simply by invoking changeOwner, malicious actors could gain full control over the contract and any functionality gated on ownership.
In TestMysteryBox.t.sol there is already a test case for changing the owner. Because the function can be called by any address, a new owner can be set regardless of who calls it.
Replacing user1 with any other address still lets the test pass, which demonstrates that no access controls are in place.
Tools used: manual review, Foundry.
To mitigate this vulnerability, implement a validation step within the changeOwner function to ensure that the caller (msg.sender) is indeed the current owner before allowing any changes to the ownership.
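As an added illustration (not the contest's MysteryBox source, which is not reproduced here), the following hypothetical reconstruction shows the vulnerable pattern beside a hardened changeOwner, plus a Foundry regression test that asserts a non-owner call reverts; contract and test names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical minimal reconstruction of the reported pattern (not the contest source).
contract MysteryBoxVulnerable {
    address public owner;
    constructor() { owner = msg.sender; }
    // Missing caller check: any address can overwrite owner.
    function changeOwner(address _newOwner) public { owner = _newOwner; }
}

// Hardened version: caller must be the current owner, and the zero address is rejected.
contract MysteryBoxFixed {
    address public owner;
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    error NotOwner(address caller);
    error ZeroAddress();
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }
    constructor() { owner = msg.sender; }
    function changeOwner(address _newOwner) public onlyOwner {
        if (_newOwner == address(0)) revert ZeroAddress();
        emit OwnershipTransferred(owner, _newOwner);
        owner = _newOwner;
    }
}

// Foundry tests: the first documents the bug, the second is the regression test for the fix.
contract ChangeOwnerAccessTest is Test {
    address user1 = makeAddr("user1");
    function testNonOwnerCanTakeVulnerableContract() public {
        MysteryBoxVulnerable box = new MysteryBoxVulnerable();
        vm.prank(user1);
        box.changeOwner(user1);
        assertEq(box.owner(), user1); // passes: demonstrates the missing check
    }
    function testNonOwnerCannotChangeOwnerOnFixedContract() public {
        MysteryBoxFixed box = new MysteryBoxFixed();
        vm.prank(user1);
        vm.expectRevert(abi.encodeWithSelector(MysteryBoxFixed.NotOwner.selector, user1));
        box.changeOwner(user1);
        assertEq(box.owner(), address(this)); // deployer (this test contract) remains owner
    }
}
```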