code-423n4 / 2023-01-ondo-findings


Access control #346

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/lending/OndoPriceOracle.sol#L18

Vulnerability details

Impact

In contract OndoPriceOracle.sol, there is use of a dependency Ownable.sol for access control. The project should use OpenZeppelin's implementation of Ownable, preferably from the sub-library OpenZeppelin/contracts-upgradeable. If the dev team argues for the existing implementation, then it should include a check in function transferOwnership; the function should check if the new owner is a zero address: require(newOwner != address(0), "Ownable: new owner is the zero address"); Usage of an incorrect version of Ownable.sol can potentially malfunction all the onlyOwner functions.

Tools Used

None

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Out of scope