Mystery Box

First Flight #25
Beginner Friendly, Foundry
Submission Details
Severity: high
Valid

[H-4] `changeOwner()` - Access control problem

Summary

The changeOwner() function has no access restriction, so any user can reassign the owner variable.

Vulnerability Details

Whoever takes over the owner role this way gains unlimited access to critical functions such as withdrawFunds() and setBoxPrice().


Vulnerable function:

function changeOwner(address _newOwner) public {
    // No check on msg.sender: any caller can overwrite owner.
    owner = _newOwner;
}

Scenarios:

  1. The user makes himself the owner and sets boxPrice to 0 using the setBoxPrice() function. Now the user can buy boxes for free and receive a reward from them.

  2. The user makes himself the owner and uses the withdrawFunds() function to withdraw the funds of the contract.

Impact

In summary, the user can steal all the funds of the contract or take over the contract completely.
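
The two scenarios above as a Foundry regression test, which passes only when changeOwner() and setBoxPrice() reject callers other than the owner. This is an added example, not code from the audited repository: `OwnedBox`, its constructor, the setBoxPrice() signature and the 0.1 ether price are constructed stand-ins, and the owner check is the one from the Recommendations section.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the audited contract: only the parts the finding
// names, with an owner check applied. Bodies and values are assumptions.
contract OwnedBox {
    address public owner;
    uint256 public boxPrice = 0.1 ether;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "Only owner can use");
        _;
    }

    function changeOwner(address _newOwner) public onlyOwner { owner = _newOwner; }
    function setBoxPrice(uint256 _price) public onlyOwner { boxPrice = _price; }
}

contract ChangeOwnerAccessTest is Test {
    OwnedBox box;
    address stranger = makeAddr("stranger");

    function setUp() public {
        box = new OwnedBox(); // the test contract deploys, so it is the owner
    }

    function test_StrangerCannotChangeOwner() public {
        vm.prank(stranger);
        vm.expectRevert(bytes("Only owner can use"));
        box.changeOwner(stranger);
        assertEq(box.owner(), address(this));
    }

    function test_StrangerCannotZeroBoxPrice() public {
        vm.prank(stranger);
        vm.expectRevert(bytes("Only owner can use"));
        box.setBoxPrice(0);
        assertEq(box.boxPrice(), 0.1 ether);
    }

    function test_OwnerCanStillHandOver() public {
        box.changeOwner(stranger);
        assertEq(box.owner(), stranger);
    }
}
```

Run against the unguarded changeOwner() shown under "Vulnerable function", the first test fails because the call does not revert.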

Tools Used

Manual code review

Recommendations

You can use one of these options:

1 | Add a require before reassigning owner:

function changeOwner(address _newOwner) public {
+ require(msg.sender==owner,"Only owner can change");
owner = _newOwner;
}
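
Review bot: In changeOwner, `owner = _newOwner;` still accepts any address once the new require passes, so the current owner can hand the contract to address(0) or a mistyped address and permanently lose the owner-only functions. Add `require(_newOwner != address(0), "Zero address");` before the assignment, or use a two-step transfer in which the new owner has to accept the role.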

2 | Create an access modifier and assign it to functions that require access control:

+ modifier OnlyOwner {
+ require(msg.sender==owner,"Only owner can use");
+ _;
+ }
function changeOwner(address _newOwner) public OnlyOwner {...}
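
Review bot: The modifier is declared as `OnlyOwner`, but the Solidity style guide uses mixedCase for modifiers, so `onlyOwner` is the expected name and avoids it reading like a contract or event. Because the body of changeOwner is elided as `{...}`, also make sure the inline require from option 1 is not kept alongside the modifier, which would run the same check twice.
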
Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Anyone can change owner