The DSAuth.setOwner() function is used to change ownership of contracts. This function changes the owner in a single step without confirmation from the new owner.
Vulnerability Detail
Owners of the contracts are privileged users who perform various administrative tasks. When an owner calls DSAuth.setOwner() with an address, the ownership is immediately revoked and transferred to the provided address in a single step. No confirmation from the new owner is required.
Furthermore, the function also does not check if the provided address is address(0).
Impact
Ownership (administrative privilege) can be lost to an uncontrolled account if the current owner provides an invalid address for the new owner.
DJINN
medium
Ownership change in a single step
Summary
The
DSAuth.setOwner()
function is used to change ownership of contracts. This function changes the owner in a single step without confirmation from the new owner.Vulnerability Detail
Owners of the contracts are privileged users who perform various administrative tasks. When an owner calls
DSAuth.setOwner()
with an address, the ownership is immediately revoked and transferred to the provided address in a single step. No confirmation from the new owner is required.Furthermore, the function also does not check if the provided address is
address(0)
.Impact
Ownership (administrative privilege) can be lost to an uncontrolled account if the current owner provides an invalid address for the new owner.
Code Snippet
Tool used
Manual Review
Recommendation
When changing ownership of a contract, a two-step approach is recommended:
Additionally, add checks for
address(0)
in the function.