The current host transfer process involves the current host calling abdicate().
This function checks the new host is not the zero address and proceeds to write the new host's address into the governance's state variable.
If the nominated EOA is not a valid account, the owner may accidentally transfer ownership to an uncontrolled account, breaking all functions with the onlyHost() modifier.
Tools Used
Manual review
Recommended Mitigation Steps
Implement a two-step process where the controller nominates an account and the nominated account must call an acceptController() function for the controller transfer to fully succeed. This ensures the nominated EOA is a valid and active account.
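A sketch of the two-step handover recommended above, added here as an example and not taken from the PartyDAO code base. The contract TwoStepHost, its storage layout, and the names nominateHost() and acceptHost() are assumptions; acceptHost() plays the role of the acceptController() function named in the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Added illustration (hypothetical contract, not the project's code):
/// a simplified host registry where the role only moves once the nominee
/// proves control of the address by calling from it.
contract TwoStepHost {
    mapping(address => bool) public isHost;
    // host => address that host has nominated (zero if none pending)
    mapping(address => address) public pendingNominee;

    event HostNominated(address indexed from, address indexed nominee);
    event HostTransferred(address indexed from, address indexed to);

    error OnlyHost();
    error InvalidNominee();
    error NotNominated();

    modifier onlyHost() {
        if (!isHost[msg.sender]) revert OnlyHost();
        _;
    }

    constructor(address initialHost) {
        isHost[initialHost] = true;
    }

    // Step 1: the current host records a nominee. Host status does not move,
    // so a mistyped address can be fixed by nominating again (overwrites).
    function nominateHost(address nominee) external onlyHost {
        if (nominee == address(0) || isHost[nominee]) revert InvalidNominee();
        pendingNominee[msg.sender] = nominee;
        emit HostNominated(msg.sender, nominee);
    }

    // Step 2: the nominee accepts. `from` must still be a host at this point,
    // and msg.sender must be the address that host nominated.
    function acceptHost(address from) external {
        if (!isHost[from] || pendingNominee[from] != msg.sender || isHost[msg.sender]) {
            revert NotNominated();
        }
        delete pendingNominee[from];
        isHost[from] = false;
        isHost[msg.sender] = true;
        emit HostTransferred(from, msg.sender);
    }
}
```

Until acceptHost() succeeds the nominating host keeps the role, so a nomination to an address nobody controls leaves the onlyHost() functions callable.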
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/party/PartyGovernance.sol#L458-L469