Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Lack of Ownership Transfer Mechanism

m3ntor

Summary: https://github.com/Cyfrin/2025-01-diva/blob/main/contracts/src/WToken.sol

The _owner address, which controls critical functionality (mint and burn), is immutable after deployment. This rigidity can cause operational issues if the _owner:

Loses access to their private key.

Wishes to delegate control to another entity.

Needs to accommodate organizational changes or upgrades.

Impact

The contract functionality itself remains secure and functional, however, operational flexibility is hindered, making this a bug under best practices for contract governace.

Tools Used

Manual Review

Recommendations

Implement a transferOwnership function as explained earlier:

function transferOwnership(address newOwner) external onlyOwner { require(newOwner != address(0), "WToken: new owner cannot be the zero address"); _owner = newOwner; }

This issue introduces operational risks due to the rigidity of ownership management.

Updates

Lead Judging Commences

bube Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.