Open hats-bug-reporter[bot] opened 3 months ago
Sorry for the weird formatting, first time submitting on Hats ✌️
This issue needs admin for accidentally call the renounceOwnership() function which, and considering the admins are trusted it becomes invalid
Github username: @Vancelott Twitter username: vancelotx Submission hash (on-chain): 0xd27ca3d03ae1c5f0c21214eedc62e99a4c56e0414b67a30859578f48ec48b203 Severity: low
Description: Description\
The contract
RouterV2PathProviderUpgradeable
inherits fromOwnable2StepUpgradeable
, which has a two-step-process implemented for the ownership of the contract. Even in that case, an accidental call to renounceOwnership can result in the contract having noOwner
Attack Scenario\
Describe how the vulnerability can be exploited.
If the contract is left with no
Owner
, 3 of the main functions won't be accessible to the protocol, making it only usable with the information provided to it, before the renouncement. These are the functions which haveonlyOwner
and won't be callable:Attachments
-
Files: