If the role is transferred to a non-existent address, the contract needs to be redeployed.
It is recommended to have 2 steps:
setting a pending Manager address
using the pending address to accept the Manager role
Proof of Concept
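    function setDrawManager(address _drawManager) external {
        // One-time setter: reverts once a draw manager has been set.
        if (drawManager != address(0)) {
            revert DrawManagerAlreadySet();
        }
        // Assigned in a single step; the new address never confirms it can act.
        drawManager = _drawManager;
        emit DrawManagerSet(_drawManager);
    }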
Tools Used
vscode
Recommended Mitigation Steps
It is recommended to implement a two-step role transfer where the role recipient is set and
then the recipient has to claim that role to finalise the role transfer
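A sketch of the two-step pattern recommended above, as an added example that is not the PrizePool code. The contract name, `creator`, `pendingDrawManager`, `proposeDrawManager`, `acceptDrawManager`, and the `NotCreator`, `NotPendingDrawManager` and `DrawManagerProposed` definitions are hypothetical; it assumes the deployer is the account allowed to nominate the manager.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added example (hypothetical contract, not the project's own code).
contract TwoStepDrawManager {
    address public immutable creator;   // assumption: the deployer nominates the manager
    address public drawManager;         // final role holder, set once
    address public pendingDrawManager;  // nominee that still has to accept

    error DrawManagerAlreadySet();
    error NotCreator();
    error NotPendingDrawManager();

    event DrawManagerProposed(address indexed pendingDrawManager);
    event DrawManagerSet(address indexed drawManager);

    constructor() {
        creator = msg.sender;
    }

    /// Step 1: record the nominee. Until someone accepts, this can be called
    /// again to replace a mistyped or unusable address, so no redeploy is needed.
    function proposeDrawManager(address _pendingDrawManager) external {
        if (msg.sender != creator) revert NotCreator();
        if (drawManager != address(0)) revert DrawManagerAlreadySet();
        pendingDrawManager = _pendingDrawManager;
        emit DrawManagerProposed(_pendingDrawManager);
    }

    /// Step 2: only the nominee can finalise, which proves the address exists
    /// and is controlled by a party able to send transactions.
    function acceptDrawManager() external {
        if (msg.sender != pendingDrawManager) revert NotPendingDrawManager();
        drawManager = msg.sender;
        delete pendingDrawManager; // clear the nomination once it is consumed
        emit DrawManagerSet(msg.sender);
    }
}
```

The role stays one-time-settable as in the original function: once `drawManager` is non-zero, `proposeDrawManager` reverts, and `acceptDrawManager` cannot succeed because the pending slot has been cleared.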
Lines of code
https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/4bc8a12b857856828c018510b5500d722b79ca3a/src/PrizePool.sol#L299#L306
Assessed type
Other