0xstormtrooper
commented
2 years ago "setGuardian() function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. "
setGuardian sets address of guardian only callable by owner. It does not set a new owner
Handle
defsec
Vulnerability details
Impact
setGuardian() function checks the new owner is not the zero address and proceeds to write the new owner's address into the owner's state variable. If the nominated EOA account is not a valid account, it is entirely possible the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyGuardian() modifier. Lack of two-step procedure for critical operations leaves them error-prone if the address is incorrect, the new address will take on the functionality of the new role immediately
for Ex : -Alice deploys a new version of the whitehack group address. When she invokes the whitehack group address setter to replace the address, she accidentally enters the wrong address. The new address now has access to the role immediately and is too late to revert
Tools Used
None
Recommended Mitigation Steps
Consider implementing a two step process where the owner nominates an account and the nominated account needs to call an acceptOwnership() function for the transfer of ownership to fully succeed. This ensures the nominated EOA account is a valid and active account.