code-423n4 / 2022-01-timeswap-findings

2 stars 0 forks source link

# Pending owner is not cleared #143

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

cmichel

Vulnerability details

The TimeswapFactory.acceptOwner function does not reset pendingOwner to zero.

Impact

The pending owner can repeatedly accept the governance, emitting an AcceptOwner event each time, bloating listeners for this event with unnecessary data.

Recommended Mitigation Steps

Reset pendingOwner to zero in acceptOwner.

amateur-dev commented 2 years ago

Similar issue reported over here #83 ; hence closing this