Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Since the protocol relies significantly on administrative operations, a one-step ownership transfer pattern is problematic.

Summary

Since the protocol relies significantly on administrative operations, a one-step ownership transfer pattern is problematic.

Vulnerability Details

The owner has deployed numerous contracts, and ownership transfer is based on a single step. What if the owner wants to transfer ownership to another address, but the function is called with incorrect input? The effect could be irreversible or difficult to recover from. After such a mistake, no function can be paused or unpaused. Because the contracts contain critical functionality controlled by the owner, careful management of ownership transfers is essential. A better approach is a two-step ownership transfer, where the new owner must first claim its new rights before they are transferred.

Impact

If malicious users are stealing funds from the contract and the owner accidentally transfers ownership to an incorrect address before the funds are drained, the transfer takes effect in a single step. After that, no one can pause, unpause, or perform any other critical function as the owner.

Tools Used

  • Manual Review

Recommended Mitigation

It is advisable to use a two-step ownership transfer instead of a single-step one.

Use OpenZeppelin's Ownable2Step.sol.
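What adopting the recommendation looks like, as an added example that is not part of the submission or the protocol's code. It assumes OpenZeppelin Contracts v5.x import paths; the contract `ExampleAdminControlled` and its functions are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5.x layout (Pausable lives under utils/).
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

/// Hypothetical owner-controlled contract, for illustration only.
contract ExampleAdminControlled is Ownable2Step, Pausable {
    uint256 public counter;

    // Ownable2Step extends Ownable, so the initial owner is set through
    // the Ownable constructor.
    constructor(address initialOwner) Ownable(initialOwner) {}

    // Owner-only emergency controls: the functions that become
    // unreachable if ownership lands on an address nobody controls.
    function pause() external onlyOwner {
        _pause();
    }

    function unpause() external onlyOwner {
        _unpause();
    }

    // Stand-in for critical functionality that must be stoppable.
    function criticalAction() external whenNotPaused {
        counter += 1;
    }
}

// Transfer flow inherited from Ownable2Step:
//
// 1. Current owner calls transferOwnership(candidate).
//    - owner() is unchanged; pendingOwner() returns candidate.
//    - OwnershipTransferStarted is emitted.
//    - pause() and unpause() still work for the current owner.
// 2. candidate calls acceptOwnership().
//    - Only now does owner() change and pendingOwner() reset to address(0).
//
// If step 1 was called with a wrong address, that address cannot (or
// will not) call acceptOwnership(), so the current owner keeps control
// and can call transferOwnership(correctAddress) again, which replaces
// the pending owner.
```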

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
