0xBeastBoy - Owner Can Renounce Ownership

[sherlock-admin4]

0xBeastBoy

High

Owner Can Renounce Ownership

Reference

• https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/Pool.sol#L25
• https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/PositionManager.sol#L73
• https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/Registry.sol#L11
• https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/RiskEngine.sol#L18
• https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/SuperPool.sol#L25

Summary

The above referenced contracts are inherited from Ownable or OwnableUpgradeable which imposes a risk where owner can renounce ownership.

Vulnerability Detail

These contracts are exposed to a significant vulnerability due to the presence of the renounceOwnership function. This function allows the owner to renounce control entirely, leaving the contract without an active owner. If the ownership is renounced, key administrative functions requiring ownership access such as managing liquidity pools, risk settings, registry updates, and parameter modifications—cannot be executed, which can halt critical operations and lock user funds indefinitely. This issue has been reported in multiple projects, emphasizing the need for careful handling.

Impact

• If RiskEngine ownership is renounced, critical updates, such as setting LTV values, would be impossible, leading to the potential misuse or misconfiguration of risk-related functions.
• Pool ownership renouncement would prevent future pool parameter updates (e.g., interest rate model changes, fee adjustments) and make it impossible to manage pool owners or caps. This would effectively freeze any administrative control over liquidity management.
• If PositionManager ownership is renounced, the management of position authorizations, registry updates, and risk engine settings would be impossible. This could result in locked user assets, halted liquidation processes, and ineffective risk management, putting the protocol's integrity at risk.
• Renouncing ownership in the SuperPool contract would lead to the inability to manage the fee recipient, pool allocations, or cap adjustments. This scenario could cause issues with reallocation operations and limit overall liquidity management across sub-pools, affecting the protocol’s flexibility and efficiency.
• For Registry it would freeze the ability to update critical registry addresses, including rate models and protocol components. This could lead to catastrophic failures if a module needs replacing or upgrading, as no further changes would be allowed once ownership is renounced.

  Tool used

Manual Review

Recommendation

Disable the renounceOwnership function in contracts that are critical for governance or system control to prevent this issue.

[sherlock-admin4]

1 comment(s) were left on this issue during the judging contest.

z3s commented:

Admins are trusted