Omniscia DAFI Protocol Audit
Ownable Manual Review Findings
OWN-01M: Pull-Over-Push Pattern
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | Minor | Ownable.sol:L24-L28 |
Description:
The transferOwnership function overwrites the previously set owner with the newOwner without ensuring the newOwner is able to actuate transactions on the blockchain.
Example:
```solidity
// Ownable.sol, L24-L28
function transferOwnership(address newOwner) public onlyOwner {
    require(newOwner != address(0), "invalid address");
    emit OwnershipTransferred(owner, newOwner);
    owner = newOwner;
}
```
Recommendation:
We advise the pull-over-push pattern to be applied to the codebase, whereby a newOwner is set as a proposed owner and subsequently needs to accept ownership via a dedicated function, ensuring that they are aware of the contract's ownership and can actuate transactions on the blockchain.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase citing time constraints.