Lack of two-step process for owner transference
Severity: Low
Difficulty: High
Type: Data Validation
Target: src/FusionLock.sol
Description
When called, the transferOwnership function immediately sets the contract owner to a new address. The use of a single step to make such a critical change is error-prone; if the function is called with erroneous input, the results could be irrevocable or difficult to recover from.
Reference: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/01ef448981be9d20ca85f2faf6ebdf591ce409f3/contracts/access/Ownable.sol#L84-L99
Exploit Scenario
Alice invokes the transferOwnership function to change the contract administrator but accidentally enters the wrong address. She permanently loses access to the contract.
Recommendations
Short term, implement a two-step process for all irrecoverable critical operations. Consider using Ownable2Step instead of Ownable.
Long term, improve unit testing to uncover edge cases and ensure intended behavior throughout the system.
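The following is an added illustration of the finding and its recommendation; it is not FusionLock's code and not OpenZeppelin's. The contract names SingleStepOwned and TwoStepOwned and the cancelOwnershipTransfer helper are assumptions made for the example. The first contract shows the single-step pattern the finding describes; the second shows the nominate-then-accept pattern with the same semantics as Ownable2Step, where a mistyped address leaves the current owner in control.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for the finding above. Contract names are assumptions;
// this is neither FusionLock's nor OpenZeppelin's code.

/// Error-prone pattern described in the finding: one call moves ownership.
contract SingleStepOwned {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner(address caller);
    error ZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// A typo in `newOwner` is irreversible: the previous owner is locked out
    /// the moment this call succeeds, and nobody controls the new address.
    function transferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert ZeroAddress();
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}

/// Two-step pattern recommended in the finding (same semantics as
/// OpenZeppelin's Ownable2Step): nominating a new owner changes nothing
/// until that address proves it can transact by calling acceptOwnership().
contract TwoStepOwned {
    address public owner;
    address public pendingOwner;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner(address caller);
    error NotPendingOwner(address caller);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Step 1: the current owner nominates a candidate. A wrong address is
    /// harmless here; `owner` is unchanged and can nominate again.
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    /// Step 2: only the nominated address can complete the hand-over, which
    /// proves the key is under someone's control before any privilege moves.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner(msg.sender);
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        pendingOwner = address(0);
    }

    /// Hypothetical helper: explicitly withdraw a nomination (for example
    /// after noticing the typo). With Ownable2Step the same effect is
    /// obtained by nominating address(0).
    function cancelOwnershipTransfer() external onlyOwner {
        pendingOwner = address(0);
    }
}
```

In the exploit scenario, Alice calling TwoStepOwned.transferOwnership with a mistyped address only sets pendingOwner; since nobody holds the key for that address, acceptOwnership is never called and Alice keeps the owner role. A unit test for the long-term recommendation would assert exactly that: after transferOwnership(wrongAddress), owner() is still Alice and a call to acceptOwnership() from any other account reverts.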