Omniscia Kanpeki Finance Audit

Ownable Manual Review Findings

OWN-01M: Pull-Over-Push Ownership Pattern

Type: Logical Fault
Severity: Minor
Location: Ownable.sol:L37-L44

Description:

The ownership pattern enforced by Ownable does not validate that the newOwner is actually aware of the ownership transfer and is able to send transactions on the blockchain; a single call moves ownership to an address that has never proven it can act.

Example:

contracts/roles/Ownable.sol
37  function transferOwnership(address newOwner) public onlyOwner
38  {
39      require(newOwner != address(0), "0 addr");
40
41      emit OwnershipTransferred(_owner, newOwner);
42
43      _owner = newOwner;
44  }

Recommendation:

We advise the pull-over-push pattern to be applied here, whereby a newOwner is instead proposed and subsequently needs to accept ownership via a dedicated function. This ensures the newOwner consciously accepts ownership of the contract and, if it is a smart contract, that it knows how to interact with it.

Alleviation:

A time delay system was introduced instead, which allows sufficient time to evaluate whether the new owner is aware of the ownership transfer. Although the system is initially set not to enforce the time delay, we consider this exhibit dealt with, as the time delay trait can be activated in the future depending on whether it is necessary.
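The following contract is an added illustration of the recommended pull-over-push pattern combined with an optional acceptance delay in the spirit of the alleviation. It is example code written for this page, not Kanpeki's Ownable.sol, and the delay mechanism (the transferDelay variable, its default of zero and the setTransferDelay function) is an assumption modelled on the alleviation's description rather than the project's actual implementation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative two-step (pull-over-push) ownership transfer with an optional
/// acceptance delay. Added example; not the audited contract. The delay
/// mechanism is an assumption modelled on the alleviation's description.
contract TwoStepOwnable {
    address private _owner;
    address private _pendingOwner;
    uint256 private _proposedAt;

    // Minimum seconds between proposal and acceptance. Zero means no delay
    // is enforced, mirroring the "initially not enforced" setting described.
    uint256 public transferDelay;

    event OwnershipTransferProposed(address indexed currentOwner, address indexed pendingOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    event TransferDelayUpdated(uint256 previousDelay, uint256 newDelay);

    modifier onlyOwner() {
        require(msg.sender == _owner, "not owner");
        _;
    }

    constructor() {
        _owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    function owner() public view returns (address) {
        return _owner;
    }

    function pendingOwner() public view returns (address) {
        return _pendingOwner;
    }

    // Step 1 (push side): the current owner only proposes a successor.
    // Ownership does not change here, so a typo in newOwner is recoverable.
    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0), "0 addr");
        _pendingOwner = newOwner;
        _proposedAt = block.timestamp;
        emit OwnershipTransferProposed(_owner, newOwner);
    }

    // Step 2 (pull side): only the proposed address can complete the
    // transfer, which proves it controls the key or, for a contract, that it
    // is able to call this function at all.
    function acceptOwnership() public {
        require(msg.sender == _pendingOwner, "not pending owner");
        require(block.timestamp >= _proposedAt + transferDelay, "delay not elapsed");
        emit OwnershipTransferred(_owner, msg.sender);
        _owner = msg.sender;
        _pendingOwner = address(0);
        _proposedAt = 0;
    }

    // Lets the current owner withdraw a pending proposal before it is accepted.
    function cancelOwnershipTransfer() public onlyOwner {
        _pendingOwner = address(0);
        _proposedAt = 0;
    }

    // Activates (or relaxes) the delay trait; assumed interface, not the project's.
    function setTransferDelay(uint256 newDelay) public onlyOwner {
        emit TransferDelayUpdated(transferDelay, newDelay);
        transferDelay = newDelay;
    }
}
```

The key property is that ownership changes only inside acceptOwnership, a call the proposed address itself must send; an address that cannot transact, or a contract with no code path to make that call, simply never becomes owner, and the previous owner can cancel the proposal in the meantime.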