Ownership is only set once during deployment of the contract and cannot be changed afterwards.
Owner is trusted so this issue could be low or just informational. But VestedAirdrop::rescue_tokens
and VestedAirdrop::set_merkle_root
are dependent on the owner. As the protocol will evolve, this might be a problem in the future if different roles are assigned to different addresses, or the current owner changes for the protocol.
If the owner is changed after deployment in the protocol, then this contract will not work as expected and we would need to deploy a new contract with the new owner.
Add the trusted snekmate
dependency and use the ownable
library to allow features like ownership transferability or checking the owner.
Import the ownable
snekmate library:
It should add the following functions to the contract:
Then export this specific external function:
And invoke init inside the constructor:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.