The transferZenoOwnership function in the ZENO Token Factory contract enables the factory (which holds the onlyOwner role) to transfer ownership of individual ZENO contracts to a new owner. However, this design introduces a critical limitation: once the factory transfers ownership to an external address, that new owner cannot further transfer ownership. Moreover, the factory loses the ability to transfer ownership again since the onlyOwner modifier restricts this function to the original deployer of the factory.
Restricted onlyOwner Modifier:
The function transferZenoOwnership is protected by the onlyOwner modifier, meaning only the owner of the ZENO Factory (the deployer) can call it.
One-Time Ownership Transfer:
When the factory transfers ownership of a ZENO contract to a new address, that new owner cannot initiate another ownership transfer using the factory’s function. This is because the function can only be called by the factory’s owner, not by the new ZENO owner.
Factory’s Loss of Control:
After transferring ownership, if the new owner needs to change ownership further (or if an error occurs requiring a re-assignment), the factory is unable to assist because it no longer holds the ownership of the ZENO contract. Any subsequent ownership transfer cannot be initiated by the factory.
Operational Inflexibility:
The new owner of the ZENO contract is locked into their role, with no facility to delegate or transfer ownership further using the factory’s mechanisms. This could be problematic if the new owner needs to restructure or delegate administrative responsibilities.
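The access-control flow described in the points above, as an added simplified model that is not the project's code. MiniOwnable, ZenoModel, ZenoFactoryModel and createZeno are hypothetical names; only transferZenoOwnership and onlyOwner come from the finding. Whether the real ZENO contract lets its owner transfer ownership directly, as this model's transferOwnership does, is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model (assumption): minimal single-owner access control.
abstract contract MiniOwnable {
    address public owner;
    error NotOwner(address caller);

    constructor(address initialOwner) { owner = initialOwner; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function transferOwnership(address newOwner) public onlyOwner {
        owner = newOwner;
    }
}

// Stand-in for one ZENO contract; its deployer (the factory) starts as owner.
contract ZenoModel is MiniOwnable {
    constructor() MiniOwnable(msg.sender) {}
}

// Stand-in for the factory; only the factory's owner may use its functions.
contract ZenoFactoryModel is MiniOwnable {
    constructor() MiniOwnable(msg.sender) {}

    function createZeno() external onlyOwner returns (ZenoModel) {
        return new ZenoModel(); // msg.sender seen by ZenoModel is this factory
    }

    function transferZenoOwnership(ZenoModel zeno, address newOwner) external onlyOwner {
        // Passes the ZENO-level check only while this factory still owns `zeno`.
        zeno.transferOwnership(newOwner);
    }
}

// Call sequence in this model (deployer owns the factory; alice and bob are external):
// 1. deployer -> factory.transferZenoOwnership(zeno, alice)  succeeds, zeno.owner == alice
// 2. alice    -> factory.transferZenoOwnership(zeno, bob)    reverts NotOwner(alice) at the factory
// 3. deployer -> factory.transferZenoOwnership(zeno, bob)    reverts NotOwner(factory) inside zeno
```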
Manual Review