Closed code423n4 closed 1 year ago
This is OpenZeppelin Ownable library design, which is legit (a lot of method should be only called with great care - approve, transfer, etc - and this is out of scope)
Indeed renounceOwnership
should be called with great care, but I don't see a strong argument on why we should remove it. The URI server example does not hold for IPFS for example
Picodes marked the issue as grade-b
Picodes marked the issue as grade-a
Lines of code
https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721Delegate.sol#L27-L29
Vulnerability details
Impact
onlyOwner
has another secret import (from Ownable.sol) privilege: renounceOwnership(). They can use this authority whenever he wants, there is no restriction. If he uses this authority, the very important functions detailed below will not be available, updated or added.We see the use of Openzeppelin in
Ownable.sol
in many contracts and owners canrenounceOwnership()
like this project, which is sometimes a positive as it reduces the risk of rugpull but the situation is a bit different here, Owner is constantly needed (For example adding LP) , so security risk is highHowever, in this project, there may be a constant need for the Owner for many reasons, for example, the central server where NFT's metadata is located may become obsolete and the TokenbaseURI address may need to be changed.
Key powers of OnlyOwner;
1 - OnlyOwner does
renounceOwnership()
based on her authority in theJBTiered721Delegate.sol
contract 2 - In the project, the URI server has been disabled and metadata has been moved to the new server. Finally, the BaseTokenURI address from the contract needs to be updated. 3 - Unfortunately, the token cannot be included in the project asOnlyOwner
is the only authorized for the URITools Used
Manual Code Review
Recomendation Steps:
Instead of directly importing the
Ownable.sol
contract, a project-specificOwnable.sol
should be used by removing therenounceOwnership()
function, which is the subject of the above-mentioned potential problem.