Closed code423n4 closed 2 years ago
Lines of code
`setContractOwner`

Vulnerability details

Impact
All the funds and functions in LiFi would become inaccessible if `contractOwner` was accidentally or maliciously set to zero.

Proof of Concept
```solidity
function setContractOwner(address _newOwner) internal {
    DiamondStorage storage ds = diamondStorage();
    address previousOwner = ds.contractOwner;
    // No validation here: _newOwner may be address(0).
    ds.contractOwner = _newOwner;
    emit OwnershipTransferred(previousOwner, _newOwner);
}
```

Tools Used
Manual Review

Recommended Mitigation Steps
Implement a zero address check in `setContractOwner`:
```solidity
function setContractOwner(address _newOwner) internal {
    // Reject the zero address before touching storage.
    require(_newOwner != address(0), "Zero address not valid");
    DiamondStorage storage ds = diamondStorage();
    address previousOwner = ds.contractOwner;
    ds.contractOwner = _newOwner;
    emit OwnershipTransferred(previousOwner, _newOwner);
}
```
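The recommended check rejects only `address(0)`; a mistyped nonzero address would lock the owner out in the same way. The following is an added example, not part of the original report and not LiFi's code, that generalizes the mitigation to a two-step transfer in which the nominee must accept before ownership moves. The library name, storage struct, storage slot string, `proposeOwner` and `acceptOwnership` are all hypothetical, and it assumes `contractOwner` was set at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example with hypothetical names; not the project's LibDiamond.
library OwnershipLib {
    // Constructed storage slot, used by this example only.
    bytes32 internal constant SLOT = keccak256("example.ownership.storage");

    struct OwnershipStorage {
        address contractOwner; // assumed to be set at deployment
        address pendingOwner;  // nominee who has not accepted yet
    }

    event OwnershipTransferStarted(address indexed owner, address indexed pendingOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error ZeroAddress();
    error NotOwner();
    error NotPendingOwner();

    function store() internal pure returns (OwnershipStorage storage s) {
        bytes32 slot = SLOT;
        assembly { s.slot := slot }
    }

    // Step 1: the current owner nominates a successor. Ownership does not move yet.
    function proposeOwner(address _newOwner) internal {
        OwnershipStorage storage s = store();
        if (msg.sender != s.contractOwner) revert NotOwner();
        if (_newOwner == address(0)) revert ZeroAddress();
        s.pendingOwner = _newOwner;
        emit OwnershipTransferStarted(s.contractOwner, _newOwner);
    }

    // Step 2: only the nominee can complete the transfer, which proves the
    // address is controlled by someone. msg.sender is never address(0), so an
    // empty pendingOwner can never be accepted.
    function acceptOwnership() internal {
        OwnershipStorage storage s = store();
        if (msg.sender != s.pendingOwner) revert NotPendingOwner();
        address previousOwner = s.contractOwner;
        s.contractOwner = msg.sender;
        s.pendingOwner = address(0);
        emit OwnershipTransferred(previousOwner, msg.sender);
    }
}
```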
Duplicate of #192
Downgrading to Low/QA
Consider with warden's QA Report #68