search

sherlock-audit / 2024-02-optimism-2024-judging

6 stars 4 forks source link

use `Ownable2StepUpgradeable` in place of `OwnableUpgradeable` #243

Closed sherlock-admin3 closed 7 months ago

sherlock-admin3 commented 7 months ago

use Ownable2StepUpgradeable in place of OwnableUpgradeable

Low/Info issue submitted by Shield

Summary

use Ownable2StepUpgradeable in place of OwnableUpgradeable in DelayedWETH.sol

Vulnerability Detail

Single-step ownership transfer means that if a wrong address was passed when transferring ownership or admin rights it can mean that role is lost forever. The ownership pattern implementation for the protocol is in OwnableUpgradeable.sol where a single-step transfer is implemented

Impact

In case a wrong owner is set it can impact all ownership related methods and be a big concern

Code Snippet

https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/dispute/weth/DelayedWETH.sol#L22

Tool used

Manual Review

Recommendation

use Ownable2StepUpgradeable instead