Closed i-stam closed 4 years ago
After examining the contracts carefully, we concluded that no extra damage (than by simply compromising the owner address) can be done by setting the owner as a smart contract.
We don't believe that there are any new attack vectors by having the owner as a smart contract.
Currently, nothing prevents the owner from being a smart contract. In theory, this opens re-entrancy doors as the
onlyOwner()
modifier can be bypassed in this way. TheisContract()
check can be used in order to prevent this scenario.