The setFeeManager() and setOwner() functions lack a proper ownership transfer pattern. It is recommended to make this a two-step process to ensure that the new owner is truly the desired address. The first function called will set the pending owner and a second function must be called by the pending owner to accept the ownership transfer.
GalloDaSballo
commented
2 years ago
[L-01] Improper ownership transfer pattern
The
setFeeManager()andsetOwner()functions lack a proper ownership transfer pattern. It is recommended to make this a two-step process to ensure that the new owner is truly the desired address. The first function called will set the pending owner and a second function must be called by the pending owner to accept the ownership transfer.https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L53-L57 https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VoterProxy.sol#L62-L65