Open hats-bug-reporter[bot] opened 3 months ago
Once the ownership of the contract is transferred to the contract address, this state can be regarded as renounced ownership. In this state, no other account has access to the restricted methods and since the contract is not upgradeable, this state will never change (the contract won't be able to call itself to transfer ownership).
Github username: --
Twitter username: --
Submission hash (on-chain): 0x81879b03c6822fcf1cf71e03c997e927aad2f57e996b3407093a9b4629dc0e4b
Severity: low
Description:
The contract implements the ownership function. There are certain functions like `transfer_ownership`, `accept_ownership` and `renounce_ownership`. The function `renounce_ownership` is expected to renounce the ownership. Refer to the OZ implementation here. But it transfers the ownership to the pending owner.
ownable2step.rs#L98-L112
Impact
Renouncing ownership to the zero address is a step towards making the contract fully decentralized. Without an owner, no single entity has control over the contract, aligning with the principles of decentralization in blockchain ecosystems. The current implementation will not serve the purpose.
Attachments
If the contract wants to remove the ownership, remove it fully instead of handing it over to the pending owner.
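The renounced state described in the reply at the top of this thread, sketched as an added example that is not part of the issue or of the project's `ownable2step.rs`. It models renouncing by parking ownership on the contract's own address and shows why an outstanding nomination has to be cleared at the same time. The `Ownable2Step` struct, the `Address` and `Error` types, `is_renounced` and the sample addresses are hypothetical, and the model assumes, as the reply states, that the contract has no way to call itself.

```rust
// Hypothetical model for illustration; not the code in ownable2step.rs.
type Address = [u8; 32];
#[derive(Debug, PartialEq)]
enum Error { NotOwner, NotPendingOwner }

struct Ownable2Step {
    self_address: Address, // the contract's own account (assumed renounce target)
    owner: Address,
    pending_owner: Option<Address>,
}

impl Ownable2Step {
    fn new(self_address: Address, owner: Address) -> Self {
        Self { self_address, owner, pending_owner: None }
    }
    // Step 1: only the current owner may nominate a successor.
    fn transfer_ownership(&mut self, caller: Address, new_owner: Address) -> Result<(), Error> {
        if caller != self.owner { return Err(Error::NotOwner); }
        self.pending_owner = Some(new_owner);
        Ok(())
    }
    // Step 2: only the nominee may accept; the nomination is consumed.
    fn accept_ownership(&mut self, caller: Address) -> Result<(), Error> {
        if self.pending_owner != Some(caller) { return Err(Error::NotPendingOwner); }
        self.owner = caller;
        self.pending_owner = None;
        Ok(())
    }
    // Renounce: park ownership on the contract's own address AND drop any
    // outstanding nomination, otherwise the nominee could still accept later.
    fn renounce_ownership(&mut self, caller: Address) -> Result<(), Error> {
        if caller != self.owner { return Err(Error::NotOwner); }
        self.owner = self.self_address;
        self.pending_owner = None;
        Ok(())
    }
    // Audit check: no external account can pass the owner or nominee test.
    fn is_renounced(&self) -> bool {
        self.owner == self.self_address && self.pending_owner.is_none()
    }
}

fn main() {
    let (contract, alice, bob) = ([0xCC; 32], [0xA1; 32], [0xB0; 32]); // constructed sample addresses
    let mut c = Ownable2Step::new(contract, alice);
    c.transfer_ownership(alice, bob).unwrap();
    c.renounce_ownership(alice).unwrap();
    let late_accept = c.accept_ownership(bob);
    println!("renounced: {}, late accept by nominee: {:?}", c.is_renounced(), late_accept);
}
```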