Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Invalid

Lack of Zero-Address Check in changeOwner function

Summary

The changeOwner function does not validate the new owner's address before assigning it. Specifically, it does not check whether _newOwner is the zero address (0x0000000000000000000000000000000000000000). This introduces a critical vulnerability where an owner can accidentally or maliciously assign the ownership to the zero address, which would result in the contract becoming irreversibly ownerless. As a result, further control over the contract could be lost, potentially halting critical administrative functions.

Vulnerability Details

The changeOwner function in the contract does not implement a validation check for the input parameter _newOwner. Specifically, the function allows setting the owner to any address, including the zero address (0x0000000000000000000000000000000000000000). This absence of validation introduces the following risks:

// MysteryBox.sol: line 111 to 113
function changeOwner(address _newOwner) public {
    owner = _newOwner; // assigned without checking for address(0)
}
  1. Root Cause:

    • The changeOwner function directly assigns _newOwner to the owner variable without verifying if _newOwner is the zero address. As a result, ownership could inadvertently or maliciously be transferred to an invalid address, causing a loss of control over the contract.

  2. Risks:

    • Irreversible Loss of Control: If the owner is set to the zero address, all administrative functionalities that rely on the owner will no longer be accessible. This effectively locks the contract in an unusable state, with no way to regain ownership or manage key functions.

    • Potential Denial of Service (DoS): Any administrative or sensitive functions that rely on the owner being valid, such as fund transfers, upgrading contract logic, or managing critical resources, will be permanently disabled.

    • Security Implications: Attackers or careless users could deliberately or mistakenly exploit this vulnerability to render the contract unusable.

  3. Affected Components:

    • The vulnerability directly affects the changeOwner function, but its impact extends to any functionality requiring the owner to manage the contract.

    • Other administrative functions dependent on a valid owner (e.g., updating contract parameters, transferring funds) are also indirectly affected.

  4. Attack Scenarios:

    • Accidental Assignment: The current owner mistakenly sets the ownership to address(0) due to a user error, rendering the contract permanently ownerless.

    • Malicious Exploitation: An attacker or malicious user could exploit this by intentionally passing address(0) to lock the contract, especially if the contract has public or externally accessible functions that call changeOwner.

Impact

  • Loss of Contract Ownership: Once the ownership is transferred to the zero address, no further ownership-related actions can be executed by any account. The contract becomes orphaned, losing control over key administrative tasks.

  • Denial of Service (DoS): If the contract has admin-restricted functions, their execution will be permanently disabled.

Tools Used

Recommendations

Implement a zero-address check to prevent the owner from being set to address(0). The function should revert if _newOwner is the zero address:

Mitigated Code:

function changeOwner(address _newOwner) public {
    require(_newOwner != address(0), "New owner cannot be the zero address");
    owner = _newOwner;
}

Updates
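The following Foundry test is an added example, not code from the MysteryBox contest or this submission. It uses a constructed stand-in contract with the same changeOwner body as the reported function, shows that it accepts address(0), and contrasts it with a hardened variant that applies the recommended zero-address check and additionally (an extension beyond this report) restricts nomination to the current owner and requires the nominee to accept, so that a mistyped live address cannot strand the contract either.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Stand-in for the reported function (constructed for this example, not MysteryBox.sol).
contract VulnerableOwnable {
    address public owner = msg.sender;
    function changeOwner(address _newOwner) public {
        owner = _newOwner; // no zero-address check
    }
}
// Hardened variant: the zero-address check from the recommendation plus a two-step
// handover, so a mistyped live address cannot strand the contract either.
contract HardenedOwnable {
    address public owner = msg.sender;
    address public pendingOwner;
    error NotOwner();
    error ZeroAddress();
    error NotPendingOwner();
    function changeOwner(address _newOwner) public {
        if (msg.sender != owner) revert NotOwner();        // assumption: only the owner nominates
        if (_newOwner == address(0)) revert ZeroAddress(); // the check this report recommends
        pendingOwner = _newOwner;                          // nothing changes until accepted
    }
    function acceptOwnership() public {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        owner = pendingOwner;
        pendingOwner = address(0);
    }
}
contract ChangeOwnerTest is Test {
    function test_VulnerableAcceptsZeroAddress() public {
        VulnerableOwnable c = new VulnerableOwnable();
        c.changeOwner(address(0));
        assertEq(c.owner(), address(0)); // contract is now ownerless
    }
    function test_HardenedRejectsZeroAddress() public {
        HardenedOwnable c = new HardenedOwnable();
        vm.expectRevert(HardenedOwnable.ZeroAddress.selector);
        c.changeOwner(address(0));
        assertEq(c.owner(), address(this)); // owner unchanged
    }
    function test_HardenedRequiresAcceptance() public {
        HardenedOwnable c = new HardenedOwnable();
        address alice = makeAddr("alice");
        c.changeOwner(alice);
        assertEq(c.owner(), address(this)); // unchanged until alice accepts
        vm.prank(alice);
        c.acceptOwnership();
        assertEq(c.owner(), alice);
    }
}
```

Run with `forge test` in a Foundry project that has forge-std installed; the test contract is the deployer and therefore the initial owner of both stand-ins.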

Appeal created

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
