Description: The transferAdmin function allows the current admin to transfer admin rights to any address, including potentially malicious ones.
Code Reference:
Impact:
If an attacker can control the admin address, they can execute any function that is restricted to the admin, leading to unauthorized access and potential manipulation of the contract state.
A malicious new admin can drain funds, change critical parameters, or block legitimate users.
Recommendations:
Implement a check to ensure the newAdmin address is not a zero address:
Consider adding a time-lock mechanism for admin transfers to provide time for users to react to unexpected changes.
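One way to combine both recommendations, written as an added example and not taken from the audited contract: transferAdmin only records a proposal after a zero-address check, and the new admin must accept it once a delay has passed. The contract name, the two-day delay, pendingAdmin, cancelAdminTransfer, acceptAdmin and the events are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited contract. Only transferAdmin and newAdmin
// come from the finding; every other name and the delay value are assumed.
contract TimelockedAdmin {
    uint256 public constant ADMIN_TRANSFER_DELAY = 2 days; // assumed delay

    address public admin;
    address public pendingAdmin;
    uint256 public pendingAdminReadyAt; // earliest timestamp for acceptance

    event AdminTransferProposed(address indexed currentAdmin, address indexed newAdmin, uint256 readyAt);
    event AdminTransferCancelled(address indexed cancelledAdmin);
    event AdminTransferred(address indexed previousAdmin, address indexed newAdmin);

    modifier onlyAdmin() {
        require(msg.sender == admin, "caller is not admin");
        _;
    }

    constructor() { admin = msg.sender; }

    // Step 1: the current admin proposes a successor; admin does not change yet.
    function transferAdmin(address newAdmin) external onlyAdmin {
        require(newAdmin != address(0), "newAdmin is the zero address");
        pendingAdmin = newAdmin;
        pendingAdminReadyAt = block.timestamp + ADMIN_TRANSFER_DELAY;
        emit AdminTransferProposed(admin, newAdmin, pendingAdminReadyAt);
    }

    // The admin can withdraw a proposal while the delay is running.
    function cancelAdminTransfer() external onlyAdmin {
        emit AdminTransferCancelled(pendingAdmin);
        delete pendingAdmin;
        delete pendingAdminReadyAt;
    }

    // Step 2: the proposed address accepts after the delay, which also
    // proves that the address can actually sign transactions.
    function acceptAdmin() external {
        require(msg.sender == pendingAdmin, "caller is not pending admin");
        require(block.timestamp >= pendingAdminReadyAt, "timelock not elapsed");
        emit AdminTransferred(admin, msg.sender);
        admin = msg.sender;
        delete pendingAdmin;
        delete pendingAdminReadyAt;
    }
}
```

The AdminTransferProposed event gives users and monitoring tools the full delay window to notice an unexpected proposal before it can take effect.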