Omniscia KlimaDAO Audit

sKlimaToken_v2 Manual Review Findings

KT2-01M: Improper Ownership Renouncation

Type	Severity	Location
Logical Fault	Medium	sKlimaToken_v2.sol:L976-L979

Description:

The renounceManagement function does not properly clear out any pending _newOwner, thus permitting a malicious owner to fake renouncing their rights and then reclaim them at a later date.

Example:

contracts/tokens/regular/sKlimaToken_v2.sol

976function renounceManagement() public virtual override onlyManager() {
977    emit OwnershipPushed( _owner, address(0) );
978    _owner = address(0);
979}
980
981function pushManagement( address newOwner_ ) public virtual override onlyManager() {
982    require( newOwner_ != address(0), "Ownable: new owner is the zero address");
983    emit OwnershipPushed( _owner, newOwner_ );
984    _newOwner = newOwner_;
985}
986
987function pullManagement() public virtual override {
988    require( msg.sender == _newOwner, "Ownable: must be new owner to pull");
989    emit OwnershipPulled( _owner, _newOwner );
990    _owner = _newOwner;
991}

Recommendation:

We advise the function to properly clear out the _newOwner data entry.

Alleviation:

The _newOwner is now properly cleared out when management is renounced thereby alleviating this exhibit.

Omniscia KlimaDAO Audit

sKlimaToken_v2 Manual Review Findings

sKlimaToken_v2 Manual Review Findings

KT2-01M: Improper Ownership Renouncation

Description:

Example:

Recommendation:

Alleviation:

StakingHelper.sol (SHR-M)

AlchemistKlimaUpgradeable.sol (CON-C)

On this page