Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: high
Invalid

Incorrect Use of Ownable(msg.sender) in Constructor

Root + Impact

Description

  • The Ownable contract from OpenZeppelin is meant to be inherited and used to grant initial ownership to the contract deployer. By default, Ownable sets the owner as msg.sender internally, without requiring constructor arguments.

  • The Game contract incorrectly invokes the Ownable constructor with msg.sender as an argument. Since OpenZeppelin's Ownable constructor does not accept arguments, this causes the compiler to fail with:
    "Wrong argument count for modifier invocation: 1 arguments given but expected 0."

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/Ownable.sol";

contract Game is Ownable {
    constructor(...)
@>      Ownable(msg.sender) {
        ...
    }
}

Risk

Likelihood:

  • This error always occurs at compile-time, preventing deployment on any network.

  • Developers unfamiliar with OpenZeppelin’s constructor pattern may try to pass parameters and face repeated deployment errors.

Impact:

  • Prevents deployment entirely — contract cannot be compiled or verified.

  • Introduces confusion and undermines trust in codebase correctness or auditing pipeline.

Proof of Concept

contract Game is Ownable {
    constructor() Ownable(msg.sender) {}
}

Compiling this will result in:

Error (2973): Wrong argument count for modifier invocation: 1 arguments given but expected 0.

Recommended Mitigation

- constructor(...) Ownable(msg.sender) {
+ constructor(...) {
// Ownable sets msg.sender as owner by default
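
Review bot: the `-` line drops `Ownable(msg.sender)` without saying which OpenZeppelin release the import resolves to, and the change is only correct for an Ownable whose constructor takes no parameters. OpenZeppelin Contracts 5.x declares `constructor(address initialOwner)`, so against that release the `+` line would stop compiling, while 4.x matches the comment on the last line. Suggest recording the installed library version alongside this change and confirming the constructor signature in the resolved Ownable.sol before applying it.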

✅ OpenZeppelin’s Ownable will automatically set msg.sender as the owner in its internal constructor logic. There is no need to call it manually with msg.sender.
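
Whether the argument-count error above appears depends on the constructor of the Ownable source that the import actually resolves to. The following check is an added example, not part of the submission or the contest code base: it compares the number of arguments a derived constructor passes to `Ownable(...)` with the number of parameters the base constructor declares. The Solidity snippets are constructed, abbreviated samples covering both constructor shapes (no parameters, or an `address initialOwner` parameter), and all function names are hypothetical.

```python
import re

# Constructed, abbreviated sources for this example (not taken from the page's repo).
OWNABLE_NO_PARAMS = "abstract contract Ownable {\n  constructor() { _transferOwnership(msg.sender); }\n}"
OWNABLE_INITIAL_OWNER = "abstract contract Ownable {\n  constructor(address initialOwner) { _transferOwnership(initialOwner); }\n}"
GAME_PASSES_ARG = "contract Game is Ownable {\n  constructor() Ownable(msg.sender) {}\n}"
GAME_PASSES_NOTHING = "contract Game is Ownable {\n  constructor() {}\n}"


def count_top_level(text):
    """Count comma-separated items, ignoring commas nested inside brackets."""
    if not text.strip():
        return 0
    depth, items = 0, 1
    for ch in text:
        if ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
        elif ch == "," and depth == 0:
            items += 1
    return items


def invocation_arg_count(header, base):
    """Arguments passed to `base(...)` in a constructor header; 0 if it is not invoked."""
    m = re.search(r"\b" + re.escape(base) + r"\s*\(", header)
    if not m:
        return 0
    depth = 1
    for i in range(m.end(), len(header)):
        depth += {"(": 1, ")": -1}.get(header[i], 0)
        if depth == 0:
            return count_top_level(header[m.end():i])
    raise ValueError("unbalanced parentheses in constructor header")


def check_base_constructor(base_src, derived_src, base="Ownable"):
    """Return (matches, expected, given) for the base constructor's argument count."""
    params = re.search(r"\bconstructor\s*\(([^)]*)\)", base_src)
    header = re.search(r"\bconstructor\s*\([^)]*\)([^{]*)\{", derived_src)
    if not params or not header:
        raise ValueError("constructor not found")
    expected = count_top_level(params.group(1))
    given = invocation_arg_count(header.group(1), base)
    return expected == given, expected, given


if __name__ == "__main__":
    for base_src in (OWNABLE_NO_PARAMS, OWNABLE_INITIAL_OWNER):
        for game_src in (GAME_PASSES_ARG, GAME_PASSES_NOTHING):
            print(check_base_constructor(base_src, game_src))
```

A mismatch in either direction is a compile-time failure, so the result shows which of the two constructor forms the installed library accepts.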

Updates

Appeal created

inallhonesty Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
