Omniscia Alliance Block Audit
AbstractPoolsFactory Manual Review Findings
APF-01M: Pull-Over-Push Pattern
Type | Severity | Location |
---|---|---|
Standard Conformity | Minor | AbstractPoolsFactory.sol:L24-L27 |
Description:
The linked code segment immediately transfers ownership of the contract, overwriting the previous owner variable without validating that the new owner is capable of transacting with the contract.
Example:
contracts/AbstractPoolsFactory.sol
```solidity
function transferOwnership(address newOwner) public onlyOwner {
    require(newOwner != address(0x0), "Cannot set owner to 0 address");
    owner = newOwner;
}
```
Recommendation:
We advise that the pull-over-push pattern is applied by storing a proposed owner in a contract-level variable and then allowing the proposed owner to accept ownership of the contract via a dedicated function, thus guaranteeing that the address is able to transact with the contract.
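The recommended pattern, as an added example that is neither the audited project's code nor the fix it deployed. The contract name, the compiler pragma, and the names `pendingOwner`, `proposeOwner` and `acceptOwnership` are assumptions chosen for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Illustrative two-step ownership contract. All names are hypothetical
// and are not taken from the audited codebase.
contract TwoStepOwnable {
    address public owner;
    address public pendingOwner; // proposed owner; holds no privileges yet

    event OwnershipProposed(address indexed currentOwner, address indexed proposedOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() {
        require(msg.sender == owner, "Caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    // Step 1 (push): the current owner only records a candidate.
    // Calling this again overwrites the candidate, so a mistyped
    // address can be corrected before any privilege moves.
    function proposeOwner(address newOwner) external onlyOwner {
        require(newOwner != address(0), "Cannot propose the 0 address");
        pendingOwner = newOwner;
        emit OwnershipProposed(owner, newOwner);
    }

    // Step 2 (pull): only the candidate itself can complete the transfer,
    // which proves that the address is able to send transactions.
    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "Caller is not the proposed owner");
        address previousOwner = owner;
        owner = pendingOwner;
        pendingOwner = address(0); // clear so a stale proposal cannot be reused
        emit OwnershipTransferred(previousOwner, owner);
    }
}
```

Until `acceptOwnership` succeeds, `owner` is unchanged, so a proposal to an address that cannot transact leaves the current owner in control.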
Alleviation:
The codebase was adjusted to utilize a pull-over-push pattern whereby a new owner is initially proposed and must then accept ownership before the owner is updated.