Omniscia Bonq Audit

trove Manual Review Findings

TRO-01M: Potentially Misleading Function

Description:

The transferOwnership function does not actually transfer full ownership of the trove: the previous owner could have registered an arbitrary number of additional owners via the addOwner function, and only the previous owner itself is removed during the transfer.

Example:

contracts/trove.sol
function transferOwnership(address _newOwner) public override {
    address _oldOwner = owner();
    super.transferOwnership(_newOwner);
    addOwner(_newOwner);
    removeOwner(_oldOwner);
}

Recommendation:

We advise that the function be renamed or omitted, as it is currently misleading.

Alleviation:

The Bonq Protocol team has fixed the issue by first removing all previous owners before transferring the ownership.
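
The following sketch is an added illustration, not the Bonq trove contract or the team's actual fix. It places the flagged transfer shape beside one that clears every owner first; the contract name, the storage layout and the two transfer function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Bonq trove contract. Only addOwner and the idea of
// transferOwnership come from the finding; every other name here is hypothetical.
contract MultiOwnedSketch {
    address public owner;                        // primary owner, as in Ownable
    address[] private owners;                    // enumerable so it can be cleared
    mapping(address => uint256) private indexOf; // 1-based index into owners, 0 = absent

    modifier onlyOwner() { require(msg.sender == owner, "caller is not the owner"); _; }

    constructor() { owner = msg.sender; _add(msg.sender); }

    function isOwner(address a) public view returns (bool) { return indexOf[a] != 0; }
    function ownerCount() external view returns (uint256) { return owners.length; }
    function addOwner(address a) public onlyOwner { _add(a); }

    // Shape flagged in TRO-01M: one owner is swapped for another, while every
    // address added earlier through addOwner keeps its rights.
    function transferOwnershipPartial(address newOwner) external onlyOwner {
        address old = owner;
        owner = newOwner;
        _add(newOwner);
        _remove(old);
    }

    // Shape described in the alleviation: remove all previous owners, then transfer.
    function transferOwnershipFull(address newOwner) external onlyOwner {
        require(newOwner != address(0), "new owner is the zero address");
        while (owners.length > 0) _remove(owners[owners.length - 1]);
        owner = newOwner;
        _add(newOwner);
    }

    function _add(address a) private {
        if (indexOf[a] != 0) return;             // already an owner
        owners.push(a);
        indexOf[a] = owners.length;
    }

    function _remove(address a) private {
        uint256 i = indexOf[a];
        if (i == 0) return;                      // not an owner
        address last = owners[owners.length - 1];
        owners[i - 1] = last;                    // move the last entry into the gap
        indexOf[last] = i;
        owners.pop();
        delete indexOf[a];
    }
}
```

After addOwner has been called for two extra addresses, transferOwnershipPartial leaves ownerCount() at 3 and isOwner true for both extras, whereas transferOwnershipFull leaves exactly one owner. In this sketch the clearing loop's gas cost grows with the number of owners, so an uncapped owner set can make the full transfer expensive to call.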