Al-Qa-qa / dyad-private-audit

[L-01]: Single-step ownership transfer mechanism by `OwnableUpgradeable` #1

Open Al-Qa-qa opened 3 months ago

Al-Qa-qa commented 3 months ago

Description

Single-step ownership transfer is dangerous: if the transfer is made to an incorrect address, the contract will be left with no owner, and the role will be lost forever.

This will make the contract non-upgradable, since the owner is the only one who can upgrade the implementation of the VaultManager.

Recommendations

Use `OZ::Ownable2StepUpgradeable`, where in order to change the owner of the contract, the new owner should accept the new role in order to become the owner.
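The recommendation above, as an added example that is not part of the original issue or the audited code base: a Foundry test showing that with `Ownable2StepUpgradeable` a transfer to a wrong address leaves the owner (and the upgrade right) in place and can be corrected. It assumes OpenZeppelin Contracts (Upgradeable) v5.x and forge-std; `ExampleManager` and the test addresses are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";

// Hypothetical stand-in for an owner-upgradable contract; not the audited code.
contract ExampleManager is UUPSUpgradeable, Ownable2StepUpgradeable {
    constructor() { _disableInitializers(); }

    function initialize(address initialOwner) external initializer {
        __Ownable_init(initialOwner); // OZ v5 signature (assumed version)
    }

    // Only the owner may upgrade, so losing the owner role freezes the implementation.
    function _authorizeUpgrade(address) internal override onlyOwner {}
}

contract TwoStepTransferTest is Test {
    ExampleManager manager;
    address owner = makeAddr("owner");
    address typo = makeAddr("typo");         // constructed: mistyped recipient nobody controls
    address intended = makeAddr("intended"); // constructed: the real new owner

    function setUp() public {
        ExampleManager impl = new ExampleManager();
        bytes memory init = abi.encodeCall(ExampleManager.initialize, (owner));
        manager = ExampleManager(address(new ERC1967Proxy(address(impl), init)));
    }

    function test_WrongAddressDoesNotLoseOwnership() public {
        vm.prank(owner);
        manager.transferOwnership(typo);       // step 1 only records a pending owner
        assertEq(manager.owner(), owner);      // role has not moved
        assertEq(manager.pendingOwner(), typo);

        vm.prank(owner);
        manager.transferOwnership(intended);   // owner overwrites the mistaken nomination
        vm.prank(intended);
        manager.acceptOwnership();             // step 2: recipient proves control of the key
        assertEq(manager.owner(), intended);
        assertEq(manager.pendingOwner(), address(0));
    }
}
```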

shafu0x commented 3 months ago

will leave it as it is

Al-Qa-qa commented 3 months ago

Sponsor Acknowledged.