The ConfidencePoolFactory inherits from OpenZeppelin's Ownable2StepUpgradeable, which exposes a public renounceOwnership() function. The factory does not override this function. If called by the owner, ownership is permanently renounced to address(0).
Root cause:
@> ConfidencePoolFactory.sol:6
@> ConfidencePoolFactory.sol:162-164
The only overrides in the factory are for _authorizeUpgrade and the constructor _disableInitializers(). There is no renounceOwnership override anywhere in the file.
Likelihood: Low
Requires the owner to intentionally call renounceOwnership(). This is a self-inflicted action that no reasonable deployer would take.
The two-step ownership transfer (Ownable2Step) does not trigger this — it requires a conscious, direct function call.
Impact: Medium (if it istriggered)
Factory becomes permanently inoperable: no new pools can be created (createPool blocked by onlyOwner on the factory? No — createPool uses whenNotPaused not onlyOwner. But the setters are onlyOwner.)
Wait — re-verifying: createPool is external whenNotPaused — it does NOT have onlyOwner. So pools can still be created after renounceOwnership. But setStakeTokenAllowed IS onlyOwner, so no new tokens can be allowlisted.
More critically: _authorizeUpgrade IS onlyOwner, so the factory can never be upgraded to a fix.
Existing pools continue to function independently.
Override renounceOwnership to revert with a descriptive error:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.