Upgrade OwnableUpgradeable to Ownable2StepUpgradeable
Summary
Vulnerability Detail
The contract RioLRTRewardDistributor inherits from the OwnableUpgradeable contract by OpenZeppelin. In the case of the designated Owner calling the function transferOwnership, they may accidentally transfer the ownership to an uncontrolled EoA or to a contract that may not be able to interact with the ownership at all. That could also be the case if the initial address provided for the owner is an invalid one.
Impact
All of the functions with the onlyOwner modifier won't be accessible.
A better option has been created by OpenZeppelin - Ownable2StepUpgradeable, which provides a two-step verification that can prevent an accidental transfer of the ownership.
Vancelot
medium
Upgrade
OwnableUpgradeable
toOwnable2StepUpgradeable
Summary
Vulnerability Detail
The contract
RioLRTRewardDistributor
inherits from theOwnableUpgradeable
contract by OpenZeppelin. In the case of the designated Owner calling the functiontransferOwnership
, they may accidentally transfer the ownership to an uncontrolled EoA or to a contract that may not be able to interact with the ownership at all. That could also be the case if the initial address provided for the owner is an invalid one.Impact
All of the functions with the
onlyOwner
modifier won't be accessible.Code Snippet
https://github.com/sherlock-audit/2024-02-rio-vesting-core-protocol/blob/main/rio-sherlock-audit/contracts/restaking/RioLRTRewardDistributor.sol#L5
Tool used
Manual Review
Recommendation
A better option has been created by OpenZeppelin -
Ownable2StepUpgradeable
, which provides a two-step verification that can prevent an accidental transfer of the ownership.