Ownership can be renounced leading to fees stuck in the contract
Summary
The contract uses single-step ownership control, allowing ownership transfer and renouncing to happen in one transaction. If the current owner renounces their ownership there would be no users able to claim the fees accrued from the protocol's use.
Vulnerability Details
There is no logic in the contract supporting the need for renouncing ownership (for community benefits or like in case of token contracts to prevent future minting possibilities) thereby increasing the risk surface unnecessarily. If the owner were to call Ownable::renounceOwnership by mistake all the future fees accrued will be stored in the contract with no means to withdraw them. The onlyOwner modifier means to gatekeep the function for only authorized users will no longer have an authorized user to allow access to (except address(0)'s key is found).
A new contract will have to be deployed to mitigate this issue and existing data for unmatched users especially have to be migrated. This would be resource intensive on the protocol as they would need to serve as the match for currently existing users, and lose 10% of the fees on matches because the owner has already been renounced.
Impact
Loss of revenue to the protocol.
Tools Used
Manual Review
Recommendations
Override the
renounceOwnershipfunction to revert when called.Use OpenZeppelin's Ownable2Step to avoid errors like this.
Use
AccessControlmodifiers to handle permissions to specific addresses, if deemed necessary.
Appeal created
Admin is trusted
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.