Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
Submission Details
Severity: low
Invalid

Single-Step Ownership Transfer Pattern Used in Every Contract Can Be Dangerous

Summary

Every contract uses an old version of Ownable.sol; if a wrong address is provided for the new owner, funds may potentially be lost.

Vulnerability Details

Inheriting from OpenZeppelin's Ownable contract means you are using a single-step ownership transfer pattern. If an admin provides an incorrect address for the new owner, this will result in none of the onlyOwner marked methods being callable again. The better way to do this is to use a two-step ownership transfer approach, where the new owner should first claim its new rights before they are transferred.

Impact

If an incorrect address is mistakenly set as the new owner in contracts, all onlyOwner functions will become permanently inaccessible. This could result in the loss of administrative control, potentially locking funds, disabling key contract functionality, or preventing critical upgrades.

import "@openzeppelin/contracts/access/Ownable.sol";

Tools Used

Manual analysis

Recommendations

Consider using OpenZeppelin's Ownable2Step instead of Ownable.

Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Trusted Owner

Owner is trusted and is not expected to interact in ways that would compromise security

Single Step Owner Transfer
