Omniscia KlimaDAO Audit

sKlimaToken_v2 Manual Review Findings

KT2-01M: Improper Ownership Renunciation

Description:

The renounceManagement function does not clear a pending _newOwner, so a malicious owner can first push an address they control, then appear to renounce their rights (setting _owner to the zero address), and later reclaim management by calling pullManagement from the pushed address.

Example:

contracts/tokens/regular/sKlimaToken_v2.sol
function renounceManagement() public virtual override onlyManager() {
    emit OwnershipPushed( _owner, address(0) );
    _owner = address(0);
    // _newOwner is left untouched here, so an address pushed before the
    // renunciation can still complete the transfer via pullManagement
}

function pushManagement( address newOwner_ ) public virtual override onlyManager() {
    require( newOwner_ != address(0), "Ownable: new owner is the zero address");
    emit OwnershipPushed( _owner, newOwner_ );
    _newOwner = newOwner_;
}

function pullManagement() public virtual override {
    require( msg.sender == _newOwner, "Ownable: must be new owner to pull");
    emit OwnershipPulled( _owner, _newOwner );
    _owner = _newOwner;
}

Recommendation:

We advise the function to also clear the _newOwner data entry, so that no pending transfer survives the renunciation and pullManagement cannot succeed afterwards.

Alleviation:

The _newOwner is now properly cleared out when management is renounced, thereby alleviating this exhibit.
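The corrected two-step management pattern, written out as an added example (it is not the audited sKlimaToken_v2 code; the contract name TwoStepManaged and the view functions manager and pendingManager are assumptions, while the state variables, events and function names follow the exhibit above). The invariant a reviewer can check is that after renounceManagement both _owner and _newOwner are the zero address, so every subsequent pullManagement reverts:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative contract added for this finding; it is not the project's code.
// Names _owner, _newOwner, OwnershipPushed, OwnershipPulled, renounceManagement,
// pushManagement and pullManagement mirror the exhibit; everything else is assumed.
contract TwoStepManaged {
    address private _owner;
    address private _newOwner;

    event OwnershipPushed(address indexed previousOwner, address indexed newOwner);
    event OwnershipPulled(address indexed previousOwner, address indexed newOwner);

    constructor() {
        _owner = msg.sender;
        emit OwnershipPushed(address(0), _owner);
    }

    modifier onlyManager() {
        require(_owner == msg.sender, "Ownable: caller is not the owner");
        _;
    }

    // Assumed helper views so the invariant can be inspected off-chain.
    function manager() public view returns (address) {
        return _owner;
    }

    function pendingManager() public view returns (address) {
        return _newOwner;
    }

    // Hardened per KT2-01M: clearing _newOwner means an address pushed before
    // the renunciation can no longer complete the transfer with pullManagement.
    function renounceManagement() public virtual onlyManager {
        emit OwnershipPushed(_owner, address(0));
        _owner = address(0);
        _newOwner = address(0); // the change recommended by the finding
    }

    function pushManagement(address newOwner_) public virtual onlyManager {
        require(newOwner_ != address(0), "Ownable: new owner is the zero address");
        emit OwnershipPushed(_owner, newOwner_);
        _newOwner = newOwner_;
    }

    function pullManagement() public virtual {
        require(msg.sender == _newOwner, "Ownable: must be new owner to pull");
        emit OwnershipPulled(_owner, _newOwner);
        _owner = _newOwner;
        // Additional hygiene beyond the exhibit: consume the pending slot so a
        // completed transfer cannot be replayed by the same address later.
        _newOwner = address(0);
    }
}
```

With this version, the sequence push(attackerAddress), renounceManagement(), pullManagement() from attackerAddress fails at the require in pullManagement because _newOwner was zeroed during renunciation; monitoring for an OwnershipPulled event after an OwnershipPushed to the zero address is a useful on-chain check for contracts still running the original pattern.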