Single-step ownership transfer is implemented instead of a two-step ownership transfer. If an incorrect address is passed, the role may be permanently lost. This type of transfer is implemented in Auth.sol and affects all methods marked as onlyOwner within the protocol, including core functionality.
Proof of Concept
Two-step ownership transfer is a more secure method for transferring ownership or admin rights in blockchain protocols. It can prevent unintended consequences and ensure that ownership or admin rights are not permanently lost.
c4-judge
commented
1 year ago
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/main/src/AstariaRouter.sol#L16 https://github.com/code-423n4/2023-01-astaria/blob/main/src/AuthInitializable.sol#L16 https://github.com/code-423n4/2023-01-astaria/blob/main/src/LienToken.sol#L18 https://github.com/code-423n4/2023-01-astaria/blob/main/src/TransferProxy.sol#L16
Vulnerability details
Impact
Single-step ownership transfer is implemented instead of a two-step ownership transfer. If an incorrect address is passed, the role may be permanently lost. This type of transfer is implemented in
Auth.soland affects all methods marked asonlyOwnerwithin the protocol, including core functionality.Proof of Concept
Two-step ownership transfer is a more secure method for transferring ownership or admin rights in blockchain protocols. It can prevent unintended consequences and ensure that ownership or admin rights are not permanently lost.
Tools Used
Manual analysis.
Recommended Mitigation Steps
Consider using Solady's
OwnableRoles.solinstead: https://github.com/Vectorized/solady/blob/main/src/auth/OwnableRoles.sol