Omniscia KlimaDAO Audit
sKlimaToken_v2 Manual Review Findings
KT2-01M: Improper Ownership Renunciation
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Medium | sKlimaToken_v2.sol:L976-L979 |
Description:
The `renounceManagement` function sets `_owner` to `address(0)` but does not clear a pending `_newOwner`. A malicious owner can therefore call `pushManagement` with an address they control, call `renounceManagement` to appear to give up their rights, and then reclaim ownership at a later date by calling `pullManagement` from the queued address.
Example:
contracts/tokens/regular/sKlimaToken_v2.sol

```solidity
function renounceManagement() public virtual override onlyManager() {
    emit OwnershipPushed( _owner, address(0) );
    _owner = address(0);
}

function pushManagement( address newOwner_ ) public virtual override onlyManager() {
    require( newOwner_ != address(0), "Ownable: new owner is the zero address");
    emit OwnershipPushed( _owner, newOwner_ );
    _newOwner = newOwner_;
}

function pullManagement() public virtual override {
    require( msg.sender == _newOwner, "Ownable: must be new owner to pull");
    emit OwnershipPulled( _owner, _newOwner );
    _owner = _newOwner;
}
```
Recommendation:
We advise the function to clear the `_newOwner` data entry (set it to `address(0)`) when management is renounced, so that no previously pushed address can pull ownership afterwards.
Alleviation:
The `_newOwner` is now properly cleared out when management is renounced, thereby alleviating this exhibit.
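The following is an added illustration, not KlimaDAO's code or part of the Omniscia report: a minimal two-step ownership contract reproducing the pattern from the snippet above, a fixed variant that clears `_newOwner` on renunciation as the alleviation describes, and a Foundry test that walks through the push / renounce / pull sequence against both. The `OWNER` and `SLEEVE` addresses are constructed test values, and the test assumes the real `forge-std` library is available (run with `forge test`).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol";

// Added example: mirrors the audited pattern, not the sKlimaToken_v2 source.
contract VulnerableOwnable {
    address internal _owner;
    address internal _newOwner;

    event OwnershipPushed(address indexed previousOwner, address indexed newOwner);
    event OwnershipPulled(address indexed previousOwner, address indexed newOwner);

    constructor() { _owner = msg.sender; }

    modifier onlyManager() {
        require(msg.sender == _owner, "Ownable: caller is not the owner");
        _;
    }

    function manager() public view returns (address) { return _owner; }
    function pendingManager() public view returns (address) { return _newOwner; }

    function pushManagement(address newOwner_) public virtual onlyManager {
        require(newOwner_ != address(0), "Ownable: new owner is the zero address");
        emit OwnershipPushed(_owner, newOwner_);
        _newOwner = newOwner_;
    }

    function pullManagement() public virtual {
        require(msg.sender == _newOwner, "Ownable: must be new owner to pull");
        emit OwnershipPulled(_owner, _newOwner);
        _owner = _newOwner;
    }

    // KT2-01M: _owner is zeroed but a pending _newOwner survives the renunciation.
    function renounceManagement() public virtual onlyManager {
        emit OwnershipPushed(_owner, address(0));
        _owner = address(0);
    }
}

// Fixed variant: renunciation also discards any pending owner.
contract FixedOwnable is VulnerableOwnable {
    function renounceManagement() public virtual override onlyManager {
        emit OwnershipPushed(_owner, address(0));
        _owner = address(0);
        _newOwner = address(0);
    }
}

contract RenounceTest is Test {
    address constant OWNER = address(0xA11CE);  // constructed test address
    address constant SLEEVE = address(0xB0B);   // second address the owner controls (assumption)

    function testVulnerableOwnerReclaimsAfterRenounce() public {
        vm.prank(OWNER);
        VulnerableOwnable c = new VulnerableOwnable();

        vm.startPrank(OWNER);
        c.pushManagement(SLEEVE);   // 1. queue an address the owner controls
        c.renounceManagement();     // 2. publicly "give up" ownership
        vm.stopPrank();
        assertEq(c.manager(), address(0));     // looks renounced on-chain
        assertEq(c.pendingManager(), SLEEVE);  // but the queued owner is still there

        vm.prank(SLEEVE);
        c.pullManagement();         // 3. reclaim at any later time
        assertEq(c.manager(), SLEEVE);
    }

    function testFixedRenounceBlocksReclaim() public {
        vm.prank(OWNER);
        FixedOwnable c = new FixedOwnable();

        vm.startPrank(OWNER);
        c.pushManagement(SLEEVE);
        c.renounceManagement();
        vm.stopPrank();
        assertEq(c.pendingManager(), address(0));

        vm.prank(SLEEVE);
        vm.expectRevert(bytes("Ownable: must be new owner to pull"));
        c.pullManagement();         // pending slot was cleared, so this reverts
        assertEq(c.manager(), address(0));
    }
}
```

The first test is the attack described in the finding: after `renounceManagement` the contract reports no manager, yet the queued `SLEEVE` address pulls ownership back. The second test shows that clearing `_newOwner` in `renounceManagement` is sufficient to make the renunciation final. Note that `pullManagement` in the audited snippet also leaves `_newOwner` set after a successful pull; that is outside this exhibit, but clearing it there as well removes a stale pending entry.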