search

sherlock-audit / 2024-02-rubicon-finance-judging

5 stars 3 forks source link

DJINN - Ownership change in a single step #48

Closed sherlock-admin closed 7 months ago

sherlock-admin commented 7 months ago

DJINN

medium

Ownership change in a single step

Summary

The DSAuth.setOwner() function is used to change ownership of contracts. This function changes the owner in a single step without confirmation from the new owner.

Vulnerability Detail

Owners of the contracts are privileged users who perform various administrative tasks. When an owner calls DSAuth.setOwner() with an address, the ownership is immediately revoked and transferred to the provided address in a single step. No confirmation from the new owner is required.

Furthermore, the function also does not check if the provided address is address(0).

Impact

Ownership (administrative privilege) can be lost to an uncontrolled account if the current owner provides an invalid address for the new owner.

Code Snippet

Tool used

Manual Review

Recommendation

When changing ownership of a contract, a two-step approach is recommended:

  1. The current owner proposes a new address for change.
  2. The proposed new address then claims ownership in a separate transaction.

Additionally, add checks for address(0) in the function.

sherlock-admin commented 7 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Information

0xAadi commented:

Invalid: Admin/Owner is Trusted