GalloDaSballo
commented
2 years ago Agree with the finding, although no risk here
Closed code423n4 closed 2 years ago
GalloDaSballo
commented
2 years ago Agree with the finding, although no risk here
GalloDaSballo
commented
2 years ago Also, it's ok to be able to send governance to an invalid address (address(0)) as that's the act of burning the keys (which is a feature, not a bug)
0xleastwood
commented
2 years ago as there is no risk, marking this as non-critical and duplicate of #56
Handle
defsec
Vulnerability details
Impact
The current governor transfer process involves the current owner calling Zap. setGovernance(). This function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyGovernor() modifier. Lack of two-step procedure for critical operations leaves them error-prone if the address is incorrect, the new address will take on the functionality of the new role immediately
for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert
Tools Used
None
Recommended Mitigation Steps
Consider implementing a two step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.