tokencard / contracts

The Consumer Contract Wallet
GNU General Public License v3.0

Owner can be a smart contract #570

Status: Closed (i-stam closed this issue 4 years ago)

i-stam commented 4 years ago

Currently, nothing prevents the owner from being a smart contract. In theory, this opens re-entrancy doors as the onlyOwner() modifier can be bypassed in this way. The isContract() check can be used in order to prevent this scenario.
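The isContract() check proposed in the comment above, as an added example that is not part of the original thread or the tokencard code: a minimal ownable contract that refuses to set an address with deployed code as owner. The contract name `EOAOwnable`, its event and its revert strings are hypothetical, and it assumes Solidity 0.8.1 or later for `address.code.length`.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.1;

/// Added illustration only. All names here are hypothetical and this is
/// not the project's own Ownable implementation.
contract EOAOwnable {
    address private _owner;

    event TransferredOwnership(address indexed from, address indexed to);

    constructor(address initialOwner) {
        _setOwner(initialOwner);
    }

    /// Restricts a function to the current owner.
    modifier onlyOwner() {
        require(msg.sender == _owner, "sender is not the owner");
        _;
    }

    function owner() external view returns (address) {
        return _owner;
    }

    /// Every ownership change goes through _setOwner, so the check below
    /// applies both at deployment and on later transfers.
    function transferOwnership(address newOwner) external onlyOwner {
        _setOwner(newOwner);
    }

    /// True when `account` has deployed code at the time of the call.
    /// This is a point-in-time check: it says nothing about what may
    /// exist at that address before or after this call.
    function isContract(address account) public view returns (bool) {
        return account.code.length > 0;
    }

    function _setOwner(address newOwner) private {
        require(newOwner != address(0), "owner cannot be the zero address");
        require(!isContract(newOwner), "owner cannot be a contract");
        emit TransferredOwnership(_owner, newOwner);
        _owner = newOwner;
    }
}
```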

i-stam commented 4 years ago

After examining the contracts carefully, we concluded that no extra damage (than by simply compromising the owner address) can be done by setting the owner as a smart contract.

mischat commented 4 years ago

We don't believe that there are any new attack vectors by having the owner as a smart contract.