Open code423n4 opened 3 years ago
This is a good point. We decided that we will not support the transfer of ownership, so we added the owner as immutable at the end.
In TempusPool, we ended up with an immutable owner (https://github.com/tempus-finance/tempus-protocol/pull/362).
However, as we needed the owner to set whitelisted contracts for the controller, we added Ownable
contract that does exactly what is explained here. I would say it is fair to say that we did it because of this finding. This was done in https://github.com/tempus-finance/tempus-protocol/pull/365
Handle
chenyu
Vulnerability details
Impact
PermanentlyOwnable does not prevent transferring to a dead address. It's possible to have a human error that transfers the contract ownership to a address not owned by the old owner.
Recommended Mitigation Steps
Recommend a two step transfer that owner nominates an account, then the nominated account call an accept function to ensure the nominated account is valid.