code-423n4 / 2023-06-lukso-findings

Lack of check for zero address in the function _transferOwnership before transferring ownership #56

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/contracts/LSP14Ownable2Step/LSP14Ownable2Step.sol#L126

Vulnerability details

Impact

The absence of a check for the zero address (address(0)) when transferring ownership can lead to unintended consequences and potential fund loss. If the contract allows transferring ownership to the zero address (address(0)), it effectively means relinquishing ownership of the contract. This can result in a loss of control over the contract and its associated functions and data.

Proof of Concept

https://github.com/code-423n4/2023-06-lukso/contracts/LSP14Ownable2Step/LSP14Ownable2Step.sol#L145-L168 (starting from line 126)

Tools Used

Manual analysis

Recommended Mitigation Steps

To mitigate these risks, it is crucial to include a check to prevent transferring ownership to the zero address.

Assessed type

Error

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #6

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid