hats-finance / ether-fi-0x36c3b77853dec9c4a237a692623293223d4b9bc4

Smart Contracts for Ether Fi dapp

Owner can renounce ownership of LoyaltyPointsMarketSafe #18

Open hats-bug-reporter[bot] opened 11 months ago

hats-bug-reporter[bot] commented 11 months ago

Github username: @jonsey
Submission hash (on-chain): 0x76b847d2dc64f8c3e3ce7c964cc53dc66643c919edad609e72b33d0cac0b9426
Severity: medium

Description: LoyaltyPointsMarketSafe inherits from OpenZeppelin Ownable, which allows the owner to renounce ownership of the contract via renounceOwnership.

Attack Scenario: Calling renounceOwnership will leave the contract without an owner, preventing any further administrative operations. Specifically, withdrawFunds can no longer be called, locking any deposited funds in the contract. setWeiPerPoint and setBoostPaymentAmount will also not be callable.

Risk level: Likelihood - 1, Impact - 5, Overall: Medium

Attachments

1. Proof of Concept (PoC) File

```solidity
// Inherited from OpenZeppelin Ownable: drops the owner to address(0), after
// which every onlyOwner function in the contract becomes permanently uncallable.
function renounceOwnership() public virtual onlyOwner {
    _transferOwnership(address(0));
}
```

2. Revised Code File (Optional)

It is recommended that the owner should not be able to renounce ownership without transferring the ownership first. The functionality can be disabled by adding the following code to the LoyaltyPointsMarketSafe.

```solidity
// Override in LoyaltyPointsMarketSafe: always reverts, so ownership can only
// change hands through transferOwnership and never be set to address(0).
function renounceOwnership() public override onlyOwner {
    revert("Cannot renounce ownership");
}
```
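The following Foundry test is added here as an illustration and is not part of the report or of the ether-fi code base. It uses a hypothetical stand-in contract with the admin functions the report names (withdrawFunds, setWeiPerPoint) to show the unfixed behaviour (funds locked after renounceOwnership) next to the suggested override, and assumes OpenZeppelin Contracts v5 (Ownable(msg.sender) constructor, OwnableUnauthorizedAccount error) and forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";
/// Hypothetical stand-in for LoyaltyPointsMarketSafe: the admin functions the
/// report names, with OpenZeppelin's renounceOwnership left as is (unfixed).
contract SafeUnfixed is Ownable {
    uint256 public weiPerPoint;
    constructor() Ownable(msg.sender) {}
    receive() external payable {}
    function setWeiPerPoint(uint256 v) external onlyOwner { weiPerPoint = v; }
    function withdrawFunds(address payable to) external onlyOwner {
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "withdraw failed");
    }
}

/// The report's suggested fix: ownership can only move via transferOwnership.
contract SafeFixed is SafeUnfixed {
    function renounceOwnership() public override onlyOwner {
        revert("Cannot renounce ownership");
    }
}
contract RenounceTest is Test {
    address owner = address(0xA11CE);               // constructed test accounts
    address payable sink = payable(address(0xB0B));
    function testUnfixedLocksFundsAfterRenounce() public {
        vm.prank(owner);
        SafeUnfixed safe = new SafeUnfixed();
        vm.deal(address(safe), 1 ether);
        vm.prank(owner);
        safe.renounceOwnership();                    // owner() is now address(0)
        vm.prank(owner);
        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, owner));
        safe.withdrawFunds(sink);                    // the 1 ether is stuck for good
    }
    function testFixedKeepsOwnerAndFunds() public {
        vm.prank(owner);
        SafeFixed safe = new SafeFixed();
        vm.deal(address(safe), 1 ether);
        vm.prank(owner);
        vm.expectRevert(bytes("Cannot renounce ownership"));
        safe.renounceOwnership();
        vm.prank(owner);
        safe.withdrawFunds(sink);
        assertEq(sink.balance, 1 ether);
        assertEq(safe.owner(), owner);
    }
}
```

Run with `forge test` in a project that has both dependencies installed; the first test documents the locked-funds failure mode, the second confirms the override keeps the owner and the withdrawal path intact.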