Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Valid

Unrestricted Ownership Change Vulnerability in MysteryBox::changeOwner Allowing Full Contract Takeover

Summary

The changeOwner function in the MysteryBox contract can be called by any address to set the contract's owner to an arbitrary address. Because every owner-only function then becomes available to the caller, a single transaction is enough for a full takeover of the contract.

Vulnerability Details

The changeOwner function has no access control: it does not check that msg.sender is the current owner before writing to owner. Any user can therefore call it with their own address (or any address they choose) and become the owner, gaining control over all owner-only functions.

function changeOwner(address _newOwner) public {
    owner = _newOwner;
}

The assignment to owner is unconditional. There is no check that the caller is the current owner, no check that _newOwner is non-zero, and no event recording the change, so the takeover requires no preconditions and leaves no dedicated on-chain signal beyond the transaction itself.

Impact

An attacker can take full control of the contract by calling changeOwner with their own address. They can then execute any owner-only function, such as withdrawing funds, modifying critical parameters, or disabling the contract entirely. Since the attack costs one transaction and has no preconditions, the likelihood is high and the potential loss is the full value and control held by the contract.

Tools Used

  • Manual code review

Recommendations

  1. Implement proper access control so that only the current owner can call changeOwner. This can be done with an onlyOwner modifier that reverts unless msg.sender == owner (the modifier must be defined in the contract or inherited; the snippet below assumes it exists). Rejecting address(0) as the new owner and emitting an event on every change are also advisable:

function changeOwner(address _newOwner) public onlyOwner {
    owner = _newOwner;
}

  2. Alternatively, inherit OpenZeppelin's Ownable contract, which provides a reviewed implementation of ownership management: the onlyOwner modifier, transferOwnership (which rejects the zero address) and an OwnershipTransferred event. If a mistaken transfer to a wrong address is a concern, Ownable2Step requires the new owner to accept ownership before the change takes effect.
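The following Foundry test is an added example, not code from the MysteryBox contest or from the original submission. It reproduces only the pattern the report quotes (an `owner` state variable and an unguarded `changeOwner`) in a constructed stand-in contract, demonstrates the takeover described under Vulnerability Details and Impact, and then shows the hardened form from the Recommendations (an `onlyOwner` modifier, a zero-address check and an event) rejecting the same call. The contract names, the `deployer`/`attacker` labels and the custom error names are assumptions made for the example; the real MysteryBox contract's other functions are not modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the vulnerable pattern. Only the two members the
// report quotes (`owner` and `changeOwner`) are reproduced; this is not the
// real MysteryBox contract.
contract VulnerableOwnable {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    // No access control: any caller can overwrite `owner`.
    function changeOwner(address _newOwner) public {
        owner = _newOwner;
    }
}

// Hardened form of the same pattern: the current owner must authorise the
// change, the zero address is rejected, and every change is logged.
contract HardenedOwnable {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner(address caller);
    error ZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    function changeOwner(address _newOwner) public onlyOwner {
        if (_newOwner == address(0)) revert ZeroAddress();
        address previous = owner;
        owner = _newOwner;
        emit OwnershipTransferred(previous, _newOwner);
    }
}

contract OwnerTakeoverTest is Test {
    address deployer = makeAddr("deployer"); // assumed label
    address attacker = makeAddr("attacker"); // assumed label

    VulnerableOwnable vulnerable;
    HardenedOwnable hardened;

    function setUp() public {
        vm.startPrank(deployer);
        vulnerable = new VulnerableOwnable();
        hardened = new HardenedOwnable();
        vm.stopPrank();
    }

    // Any externally owned account takes ownership in a single call.
    function test_anyoneCanTakeOwnership() public {
        assertEq(vulnerable.owner(), deployer);

        vm.prank(attacker);
        vulnerable.changeOwner(attacker);

        assertEq(vulnerable.owner(), attacker);
    }

    // With the modifier in place the same call reverts and ownership is unchanged.
    function test_hardenedRejectsNonOwner() public {
        vm.prank(attacker);
        vm.expectRevert(abi.encodeWithSelector(HardenedOwnable.NotOwner.selector, attacker));
        hardened.changeOwner(attacker);

        assertEq(hardened.owner(), deployer);
    }

    // The legitimate owner can still hand over, but not to the zero address.
    function test_ownerCanTransferButNotToZero() public {
        vm.prank(deployer);
        vm.expectRevert(HardenedOwnable.ZeroAddress.selector);
        hardened.changeOwner(address(0));

        vm.prank(deployer);
        hardened.changeOwner(attacker);
        assertEq(hardened.owner(), attacker);
    }
}
```

Run it with `forge test --match-contract OwnerTakeoverTest -vv` in a Foundry project that has forge-std installed. The first test is the proof of concept for the finding; the other two show that the recommended fix blocks the attacker without breaking the legitimate transfer path.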

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Anyone can change owner
