Mystery Box

First Flight #25
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Valid

No restriction of changeOwner function

Summary

There's no restriction to change owner in changeOwner function.

Vulnerability Details

Anyone can call changeOwner function to be owner.

Impact

The contract is controlled by malicious user so funds can be stolen.

Tools Used

Manual review

Recommendations

function changeOwner(address _newOwner) public {
require(msg.sender == owner, "Only owner can call")
owner = _newOwner;
}
Updates

Appeal created

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Anyone can change owner

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.