The transferOwnership function in the Panoptic Factory contract allows for a one-step transfer of ownership without any additional checks or confirmation steps.
This design allows the current owner of the Panoptic Factory to directly transfer ownership to a new address without any confirmation or authorization from the new owner. It can lead to unauthorized ownership transfers and potential loss of control over the contract.
Proof of Concept
Exploit:
Deploy the Panoptic Factory contract.
Call the testOwnershipTransfer function with the address of the desired new owner as the parameter.
Ownership of the contract is immediately transferred to the provided address without any confirmation from the new owner.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement a multi-step ownership transfer process that requires confirmation from both the current and new owners, such as a two-step authorization process or a timelock mechanism. This ensures that ownership transfers are authorized by both parties and reduces the risk of unauthorized ownership changes. Additionally, consider adding access control mechanisms to restrict access to critical functions based on the current owner's address.
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticFactory.sol#L147
Vulnerability details
Impact
The transferOwnership function in the Panoptic Factory contract allows for a one-step transfer of ownership without any additional checks or confirmation steps.
This design allows the current owner of the Panoptic Factory to directly transfer ownership to a new address without any confirmation or authorization from the new owner. It can lead to unauthorized ownership transfers and potential loss of control over the contract.
Proof of Concept
Exploit:
Tools Used
Manual Review
Recommended Mitigation Steps
Assessed type
Other