There is a risk in the single-step ownership transfer pattern used in Ownable.sol. In the current single-step model, ownership is transferred to the new address immediately when transferOwnership is called. If an incorrect address is passed during an ownership or admin rights transfer, the contract's ownership could be lost permanently. This could brick critical functionality in the protocol that relies on the onlyOwner modifier. Although the likelihood of this error is low, the impact is severe, as the protocol's core functions may become inaccessible.
No Reclaim Mechanism: The original owner loses access immediately.
Lost Control: If the wrong or an invalid address is provided, the contract becomes unusable.
Critical Functionality Impact: Any function marked with onlyOwner becomes permanently bricked.
Manual Review
OpenZeppelin provides a library called Ownable2Step that implements a two-step ownership transfer pattern. The ownership transfer process in Ownable2Step is as follows:
Step 1: Call transferOwnership(address newOwner) to initiate the transfer.
Step 2: The new owner must call claimOwnership() to finalize the transfer.
If the new owner does not claim, the current owner retains control and can cancel the transfer.