GitHub username: @jonsey
Submission hash (on-chain): 0x76b847d2dc64f8c3e3ce7c964cc53dc66643c919edad609e72b33d0cac0b9426
Severity: medium
Description:
Description
LoyaltyPointsMarketSafe inherits from OpenZeppelin's Ownable, which allows the owner to call renounceOwnership on the contract.
Attack Scenario
Calling renounceOwnership leaves the contract without an owner, preventing any further administrative operations. Specifically, withdrawFunds can no longer be called, locking any deposited funds in the contract. setWeiPerPoint and setBoostPaymentAmount also become uncallable.
Risk level
Likelihood - 1
Impact - 5
Overall: Medium
Attachments
Proof of Concept (PoC) File
    // Inherited from Ownable: hands ownership to the zero address.
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }
Revised Code File (Optional)
It is recommended that the owner not be able to renounce ownership without transferring ownership first. The functionality can be disabled by adding the following code to LoyaltyPointsMarketSafe:
    // Override the inherited function so that ownership can never be renounced.
    function renounceOwnership() public override onlyOwner {
        revert("Cannot renounce ownership");
    }
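An added review aid, not part of the original submission or the project's code: a heuristic Python scan that lists the contracts in a Solidity source that inherit Ownable, directly or through a base in the same file, without overriding renounceOwnership. The set of base names, the regexes and the sample contracts are assumptions constructed for illustration.

```python
import re

OWNABLE_BASES = {"Ownable", "Ownable2Step", "OwnableUpgradeable"}
CONTRACT_RE = re.compile(r"\bcontract\s+(\w+)\s*(?:is\s+([^{]+))?\{")
OVERRIDE_RE = re.compile(r"\bfunction\s+renounceOwnership\s*\(")

def _body(src, start):  # brace-balanced block that opens at src[start]
    depth = 0
    for i in range(start, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[start:i + 1]
    return src[start:]

def find_renounceable(src):
    """Contracts that inherit Ownable and leave renounceOwnership enabled."""
    src = re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)  # drop comments
    info = {}  # name -> (identifiers in the `is` list, overrides renounceOwnership?)
    for m in CONTRACT_RE.finditer(src):
        bases = set(re.findall(r"[A-Za-z_]\w*", m.group(2) or ""))
        info[m.group(1)] = (bases, bool(OVERRIDE_RE.search(_body(src, m.end() - 1))))

    def ownable(name, seen=()):  # Ownable directly or via a base in this file
        bases = info[name][0]
        return bool(bases & OWNABLE_BASES) or any(
            b in info and b not in seen and ownable(b, seen + (name,)) for b in bases)

    def guarded(name, seen=()):  # this contract or a local base overrides it
        bases, overrides = info[name]
        return overrides or any(
            b in info and b not in seen and guarded(b, seen + (name,)) for b in bases)

    return [n for n in info if ownable(n) and not guarded(n)]

# Constructed sample, not the audited project's source.
SAMPLE = """
contract MarketA is Ownable {
    function withdrawFunds() external onlyOwner {}
    // function renounceOwnership() public override onlyOwner { revert(); }
}
contract MarketB is ReentrancyGuard, Ownable(msg.sender) {
    function renounceOwnership() public override onlyOwner {
        revert("Cannot renounce ownership");
    }
}
contract MarketC is MarketB { function f() external {} }
contract MarketD is MarketA {}
"""

print(find_renounceable(SAMPLE))  # ['MarketA', 'MarketD']
```

The scan treats any override as a guard without checking that it reverts, so flagged and unflagged contracts both still need a manual read.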