Centralization Issue OR Owner can renounce Ownership #2
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
edited-by-warden
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Comments
code423n4
added
2 (Med Risk)
c4-judge
added
the
unsatisfactory
|
gzeon-c4 marked the issue as unsatisfactory: |
|
livingrockrises marked the issue as sponsor disputed |
c4-sponsor
added
the
sponsor disputed
|
livingrockrises marked the issue as disagree with severity |
c4-sponsor
added
the
disagree with severity
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
SmartAccount.sol#L109
Vulnerability details
Typically, the contract’s owner is the account that deploys the contract. As a result, the owner is able to perform certain privileged activities.
This can represent a certain risk if the ownership is renounced for any other reason than by design. Renouncing ownership will leave the contract without an owner, thereby removing any functionality that is only available to the owner.
Moreover,Hacked Owner or Malicious Owner can immediately steal all assets on the platform, which accepts transfer requests from Exchange. [SmartAccount.sol#L449 ]
We recommend to either reimplement the function to disable it or to clearly specify if it is part of the contract design.
The text was updated successfully, but these errors were encountered: