code-423n4 / 2023-01-drips-findings


`Managed.sol` uses single-step ownership transfer #117

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-drips/blob/main/src/Managed.sol#L84

Vulnerability details

Impact

Managed.sol uses single-step ownership transfer, which means that if a wrong address was passed when transferring admin rights, that role can be lost forever.

Proof of Concept

https://github.com/code-423n4/2023-01-drips/blob/main/src/Managed.sol#L84

Tools Used

Manual code review

Recommended Mitigation Steps

It is a best practice to use a two-step ownership transfer pattern, meaning ownership transfer gets to a "pending" state and the new owner should claim his new rights.
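The two-step pattern recommended above, sketched as an added example that is not part of the original report and is not code from the Drips repository. The contract name, function names, events and errors are all hypothetical, and the constructor-based setup is an assumption made to keep the sketch self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Illustrative two-step admin handover. All names here (TwoStepAdmin,
/// proposeAdmin, acceptAdmin, pendingAdmin) are hypothetical and are not
/// taken from Managed.sol.
abstract contract TwoStepAdmin {
    address public admin;
    address public pendingAdmin;

    event AdminProposed(address indexed currentAdmin, address indexed proposedAdmin);
    event AdminChanged(address indexed previousAdmin, address indexed newAdmin);

    error NotAdmin();
    error NotPendingAdmin();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor(address initialAdmin) {
        admin = initialAdmin;
        emit AdminChanged(address(0), initialAdmin);
    }

    /// Step 1: the current admin nominates a successor. The admin role
    /// does not move yet, so a mistyped address can be overwritten by
    /// calling this again, or cleared by proposing address(0).
    function proposeAdmin(address proposedAdmin) external onlyAdmin {
        pendingAdmin = proposedAdmin;
        emit AdminProposed(admin, proposedAdmin);
    }

    /// Step 2: only the nominated address can complete the handover,
    /// which shows that its key is actually controlled by someone.
    /// With no nomination pending, pendingAdmin is address(0) and every
    /// caller is rejected.
    function acceptAdmin() external {
        if (msg.sender != pendingAdmin) revert NotPendingAdmin();
        address previousAdmin = admin;
        admin = pendingAdmin;
        delete pendingAdmin;
        emit AdminChanged(previousAdmin, admin);
    }
}
```

Until `acceptAdmin` succeeds, the current admin keeps full control, so a nomination sent to an address nobody controls leaves the role recoverable.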

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Overinflated severity

GalloDaSballo commented 1 year ago

QA at best