invocamanman
commented
8 months ago Open hats-bug-reporter[bot] opened 8 months ago
invocamanman
commented
8 months ago 
0xfuje
commented
8 months ago Hey @invocamanman, please can you elaborate what do you mean by duplicated? Since my submission was the first one soon after the contest started.
Thank you!
0xfuje
commented
8 months ago Similar duplication on #9
invocamanman
commented
8 months ago Actually you are right, sorry, the duplicated tag was a mistake. Even tho i consider the issue invalid due the following: This is a contemplated and possible scenario, which meant that the owner won't be necessary anymore. The owner is aim to tweak some parameters of the smoothing pool, and could arrive a point where is not needed anymore. Also i don't think it's worth to implement a custom lib, just for this function, anyway the owner can be "renounced" transferring it to a non EOA that is not able to call this contract. So since it does not add any security, this allows us to use a standard library, and could be a possible use case in the future, so i think it's correct.
Github username: @0xfuje Submission hash (on-chain): 0x1532c351c658e2dba37e7d192a6ac6b5177f60f95b51e7ee246ffcd030da57fe Severity: low
Description:
Description
DappNodeSmoothingPooluses openzeppelin'sOwnableUpgradeablehelper contract. The owner of the contract will be the deployer, if the deployer would renounce his ownership: privileged functions protected byonlyOwner()such asinitSmoothingPool(),updatePoolFee(),updatePoolFeeRecipient(),updateCheckpointSlotSize()andupdateCollateral()couldn't be called anymore because the contract would have noowner.openzeppelin/contracts-upgradable/access/OwnableUpgradeable.solRecommended Mitigation
It's best practice to not allow the owner to renounce their ownership via
renounceOwnership(). Consider to overwrite the function inDappNodeSmoothingPool.solto revert it.