Closed sherlock-admin2 closed 9 months ago
IceBear
medium
initOwner() lack of access control
The initOwner() lacks permission control. It only checks whether it has been initialized, there is a potential front-run vulnerability.
Malicious user can front run initOwner(), setting a new owner, and then calling claimOwnership().
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/lib/InitializableOwnable.sol#L42
Manual Review
add onlyOwner on initOwner()
Duplicate of #27
IceBear
medium
initOwner() lack of access control
Summary
initOwner() lack of access control
Vulnerability Detail
The initOwner() lacks permission control. It only checks whether it has been initialized, there is a potential front-run vulnerability.
Impact
Malicious user can front run initOwner(), setting a new owner, and then calling claimOwnership().
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/lib/InitializableOwnable.sol#L42
Tool used
Manual Review
Recommendation
add onlyOwner on initOwner()
Duplicate of #27