sherlock-audit / 2024-08-cork-protocol-judging


Mammoth Laurel Nightingale - use-ownable2step #300

Closed sherlock-admin4 closed 2 months ago

sherlock-admin4 commented 2 months ago

Mammoth Laurel Nightingale

Low/Info

use-ownable2step

Summary

Vulnerability Detail

Impact

Code Snippet

2024-08-cork-protocol-0xjoichiro/Depeg-swap/contracts/core/flash-swaps/FlashSwapRouter.sol

By demanding that the receiver of the owner permissions actively accept via a contract call of its own, `Ownable2Step` and `Ownable2StepUpgradeable` prevent the contract ownership from accidentally being transferred to an address that cannot handle it.
Details: https://sg.run/yBAA

    25┆ contract RouterState is IDsFlashSwapUtility, IDsFlashSwapCore, OwnableUpgradeable, UUPSUpgradeable, IUniswapV2Callee {

2024-08-cork-protocol-0xjoichiro/Depeg-swap/contracts/core/assets/AssetFactory.sol

By demanding that the receiver of the owner permissions actively accept via a contract call of its own, `Ownable2Step` and `Ownable2StepUpgradeable` prevent the contract ownership from accidentally being transferred to an address that cannot handle it.
Details: https://sg.run/yBAA

    14┆ contract AssetFactory is IAssetFactory, OwnableUpgradeable, UUPSUpgradeable {

2024-08-cork-protocol-0xjoichiro/Depeg-swap/contracts/core/assets/Asset.sol

By demanding that the receiver of the owner permissions actively accept via a contract call of its own, `Ownable2Step` and `Ownable2StepUpgradeable` prevent the contract ownership from accidentally being transferred to an address that cannot handle it.
Details: https://sg.run/yBAA

    72┆ contract Asset is ERC20Burnable, ERC20Permit, Ownable, Expiry, ExchangeRate {

Tool used

Manual Review

Recommendation

siddhpurakaran commented 1 month ago

Owner of Assets and AssetsFactory contracts will be our own contracts like moduleCore/Config contracts only, so majorly it will not transfer ownership mistakenly. So will not fix this.