renounceOwnership() reverts for some contracts but not others.
Vulnerability Detail
renounceOwnership() reverts for MasterchefV2, BaseRewarder, BribeRewarder and MasterchefRewarder (since it inherits BaseRewarder), but does not revert for the other Ownable contracts like RewarderFactory, MlumStaking and Voter.
Impact
Allowing ownership revokes on contracts that possibly shouldn't be allowed.
Lone Opaque Mustang
Low/Info
Inconsistent
renounceOwnership()
implementationsSummary
renounceOwnership()
reverts for some contracts but not others.Vulnerability Detail
renounceOwnership()
reverts forMasterchefV2
,BaseRewarder
,BribeRewarder
andMasterchefRewarder
(since it inheritsBaseRewarder
), but does not revert for the other Ownable contracts likeRewarderFactory
,MlumStaking
andVoter
.Impact
Allowing ownership revokes on contracts that possibly shouldn't be allowed.
Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/MasterchefV2.sol#L447-L449 https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/rewarders/BaseRewarder.sol#L248-L250 https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/rewarders/BribeRewarder.sol#L357-L359
Tool used
Manual Review
Recommendation
Have consistent functionality of renouncing ownership across all contracts.