Mystery Box

First Flight #25
Beginner Friendly, Foundry
Submission Details
Severity: high
Valid

[H-3] Unrestricted Ownership Transfer in MysteryBox::changeOwner function

Summary

The changeOwner function allows any user to change the contract's owner without any restrictions, leading to unauthorized control over the contract.

Vulnerability Details

  • The changeOwner function lacks access control, meaning it does not verify if the caller is the current owner. This allows any address to execute the function and set themselves or any other address as the owner.

  • This vulnerability can lead to unauthorized access to functions restricted to the owner, such as withdrawFunds, setBoxPrice, and addReward.

Impact

Below are the steps to exploit and the impact:

  1. Any user calls the changeOwner function with their own address or any address they control as the _newOwner.

  2. The user becomes the new owner of the contract.

  3. The new owner can now call functions that are supposed to be restricted to the original owner, such as withdrawing all funds.

Tools Used

Manual Review

Recommendations

Implement access control by adding a require statement to ensure that only the current owner can change the ownership. Modify the function as follows:

    function changeOwner(address _newOwner) public {
        require(msg.sender == owner, "Only owner can change ownership"); // Adding access control
        owner = _newOwner;
    }

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Anyone can change owner