Closed code423n4 closed 2 years ago
hack3r-0m
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L152
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L178
the owner can pass the owner's same address in address dao and transfer ownership to itself while initializing protocol.
address dao
It leads onlyDao modifier restricted functions to be called by the owner.
onlyDao
add check for the new owner is not the current owner.
Handle
hack3r-0m
Vulnerability details
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L152
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L178
the owner can pass the owner's same address in
address dao
and transfer ownership to itself while initializing protocol.It leads
onlyDao
modifier restricted functions to be called by the owner.add check for the new owner is not the current owner.