sherlock-audit / 2024-06-magicsea-judging

8 stars 5 forks source link

Lone Opaque Mustang - Inconsistent `renounceOwnership()` implementations #701

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 4 months ago

Lone Opaque Mustang

Low/Info

Inconsistent renounceOwnership() implementations

Summary

renounceOwnership() reverts for some contracts but not others.

Vulnerability Detail

renounceOwnership() reverts for MasterchefV2, BaseRewarder, BribeRewarder and MasterchefRewarder (since it inherits BaseRewarder), but does not revert for the other Ownable contracts like RewarderFactory, MlumStaking and Voter.

Impact

Allowing ownership revokes on contracts that possibly shouldn't be allowed.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/MasterchefV2.sol#L447-L449 https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/rewarders/BaseRewarder.sol#L248-L250 https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/rewarders/BribeRewarder.sol#L357-L359

Tool used

Manual Review

Recommendation

Have consistent functionality of renouncing ownership across all contracts.