search

code-423n4 / 2023-01-numoen-findings

0 stars 0 forks source link

No way of transfering Ownership/Wrong use of Interface #286

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/periphery/UniswapV3/interfaces/IUniswapV3Factory.sol#L59

Vulnerability details

Impact

From my understanding there is no way to change the owner which can lead to funds can be stuck if an AMM and governance change/upgrade is required. There is risk if the owner keys get compromised - also there is no progressive security if you can't change this. IE it could start as an EOA - and progress to a multisig owner etc.

Tools Used

VS code

Recommended Mitigation Steps

Use Ownable.sol by OpenZeppelin

c4-judge commented 1 year ago

berndartmueller marked the issue as unsatisfactory: Invalid