One-Step Ownership Transfer Vulnerability

[c4-bot-8]

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticFactory.sol#L147

Vulnerability details

Impact

The transferOwnership function in the Panoptic Factory contract allows for a one-step transfer of ownership without any additional checks or confirmation steps.

This design allows the current owner of the Panoptic Factory to directly transfer ownership to a new address without any confirmation or authorization from the new owner. It can lead to unauthorized ownership transfers and potential loss of control over the contract.

Proof of Concept

Exploit:

• Deploy the Panoptic Factory contract.
• Call the testOwnershipTransfer function with the address of the desired new owner as the parameter.
• Ownership of the contract is immediately transferred to the provided address without any confirmation from the new owner.

  Tools Used

  Manual Review

Recommended Mitigation Steps

• Implement a multi-step ownership transfer process that requires confirmation from both the current and new owners, such as a two-step authorization process or a timelock mechanism. This ensures that ownership transfers are authorized by both parties and reduces the risk of unauthorized ownership changes. Additionally, consider adding access control mechanisms to restrict access to critical functions based on the current owner's address.

Assessed type

Other

[c4-judge]

Picodes marked the issue as unsatisfactory: Insufficient proof