hats-finance / Fenix--0x9d7765a7ebd5b6322a30797a44a5428531970d3d


`RouterV2PathProviderUpgradeable` hasn't disabled the function `renounceOwnership` #41

Open hats-bug-reporter[bot] opened 3 months ago

hats-bug-reporter[bot] commented 3 months ago

Github username: @Vancelott

Twitter username: vancelotx

Submission hash (on-chain): 0xd27ca3d03ae1c5f0c21214eedc62e99a4c56e0414b67a30859578f48ec48b203

Severity: low

Description:

The contract `RouterV2PathProviderUpgradeable` inherits from `Ownable2StepUpgradeable`, which has a two-step process implemented for the ownership of the contract. Even in that case, an accidental call to `renounceOwnership` can result in the contract having no Owner.

Attack Scenario

Describe how the vulnerability can be exploited.

If the contract is left with no Owner, 3 of the main functions won't be accessible to the protocol, making it only usable with the information provided to it before the renouncement. These are the functions which have `onlyOwner` and won't be callable:

Attachments

  1. Proof of Concept (PoC) File

-

  1. Revised Code File (Optional)

Files:

Vancelott commented 3 months ago

Sorry for the weird formatting, first time submitting on Hats ✌️

0xmahdirostami commented 3 months ago

This issue needs the admin to accidentally call the `renounceOwnership()` function, and considering the admins are trusted, it becomes invalid.
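An audit-style check for the pattern reported in this thread, as an added example that is not part of the submission or the Fenix code base: a Python scan that flags contracts inheriting an OpenZeppelin Ownable base directly without overriding `renounceOwnership()`. The embedded Solidity, its contract names and the `RenounceDisabled` error are constructed for illustration; the scan only checks that an override exists, not that it reverts.

```python
import re

# Constructed Solidity sample (not the Fenix source). The first contract leaves
# the inherited renounceOwnership() callable; the second overrides it to revert.
SAMPLE = r'''
contract PathProviderUnguarded is Ownable2StepUpgradeable {
    // function renounceOwnership() public override {}   <- commented out
    bool public flag;
    function setFlag(bool v) external onlyOwner { flag = v; }
}
contract PathProviderGuarded is Ownable2StepUpgradeable {
    error RenounceDisabled();
    function renounceOwnership() public view override onlyOwner {
        revert RenounceDisabled();
    }
}
'''

OWNABLE_BASES = {"Ownable", "Ownable2Step",
                 "OwnableUpgradeable", "Ownable2StepUpgradeable"}
CONTRACT_RE = re.compile(r"\bcontract\s+(\w+)\s+is\s+([^{]+)\{")
RENOUNCE_RE = re.compile(r"\bfunction\s+renounceOwnership\s*\(")

def contract_body(src, open_idx):
    """Text between the brace at open_idx and its matching close brace."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced input: scan to the end

def find_unguarded(src):
    """Contracts that inherit an Ownable base directly without overriding
    renounceOwnership(). Indirect inheritance is out of scope here."""
    # Drop // and /* */ comments so commented-out overrides do not count.
    src = re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)
    hits = []
    for m in CONTRACT_RE.finditer(src):
        bases = {b.split("(")[0].strip() for b in m.group(2).split(",")}
        body = contract_body(src, m.end() - 1)
        if bases & OWNABLE_BASES and not RENOUNCE_RE.search(body):
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    print(find_unguarded(SAMPLE))
```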