Lines of code
https://github.com/code-423n4/2023-06-lukso/contracts/LSP14Ownable2Step/LSP14Ownable2Step.sol#L145-L168
Vulnerability details
Impact
The use of strict equality in the _renounceOwnership function of the LSP14Ownable2Step contract can introduce a vulnerability known as a "time manipulation attack." Let's understand the potential issue:

The strict equality check _renounceOwnershipStartedAt == 0 is used to determine if the renounceOwnership function is called for the first time. If it is the first time, the function sets the _renounceOwnershipStartedAt variable to the current block number. This condition ensures that the renouncement process can only be initiated once.

By manipulating the block timestamp or block number, an attacker can influence the values used in the strict equality condition. They can set the _renounceOwnershipStartedAt variable to 0 or adjust the current block number to be greater than confirmationPeriodEnd. This manipulation can allow the attacker to bypass the confirmation period and immediately execute the ownership renouncement.
Proof of Concept
Tools Used
Manual analysis
Recommended Mitigation Steps
Use block timestamp comparisons instead of strict equality checks to allow for some tolerance in the confirmation period.
Assessed type
Timing
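
An added Python model (not the LSP14Ownable2Step source and not code from this report) of a block-number-based two-step renounce as the report describes it, for tracing which calls start, reject or complete the process. The delay and window lengths, the restart-after-expiry rule, and every name other than `_renounceOwnershipStartedAt` and `confirmationPeriodEnd` are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

CONFIRMATION_DELAY = 200   # assumed: blocks to wait after the first call
CONFIRMATION_PERIOD = 200  # assumed: blocks during which the second call is accepted


class OutsideConfirmationWindow(Exception):
    """Hypothetical error: the second call arrived before the window opened."""


@dataclass
class RenounceModel:
    owner: Optional[str] = "0xOwner"   # constructed placeholder address
    renounce_started_at: int = 0       # mirrors _renounceOwnershipStartedAt

    def renounce_ownership(self, block_number: int) -> str:
        period_start = self.renounce_started_at + CONFIRMATION_DELAY
        period_end = period_start + CONFIRMATION_PERIOD  # confirmationPeriodEnd
        # First call (stored value is 0) or a call after the window lapsed:
        # record the current block and (re)start the process. Assumed rule.
        if self.renounce_started_at == 0 or block_number > period_end:
            self.renounce_started_at = block_number
            return "started"
        # Too early: the delay after the first call has not elapsed yet.
        if block_number < period_start:
            raise OutsideConfirmationWindow(period_start, period_end)
        # Inside [period_start, period_end]: ownership is given up and the
        # stored start block is cleared back to 0.
        self.owner = None
        self.renounce_started_at = 0
        return "renounced"


def trace(blocks: List[int]) -> List[str]:
    """Replay renounce calls at the given block numbers; return each outcome."""
    model, outcomes = RenounceModel(), []
    for block in blocks:
        try:
            outcomes.append(model.renounce_ownership(block))
        except OutsideConfirmationWindow:
            outcomes.append("rejected")
    return outcomes


if __name__ == "__main__":
    # Constructed call sequences (block numbers are sample values).
    print(trace([1000, 1100, 1250]))  # early second call, then one in the window
    print(trace([1000, 1401]))        # second call after the window has closed
```
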