Omniscia Myso Finance Audit

Ownable Manual Review Findings

OEL-01M: Inexistent Clean-Up of Proposed Owner

Type: Logical Fault
Severity: Informational
Location: Ownable.sol:L21-L28

Description:

The Ownable::claimOwnership implementation does not clear the previously proposed _newOwner after a successful claim, permitting that address to re-claim ownership repeatedly, which would in turn emit misleading ClaimedOwnership events.

Impact:

While this exhibit represents undesirable behaviour, its security impact is inexistent as it will solely affect off-chain processes. As such, we consider this exhibit to be of "informational" severity.

Example:

contracts/Ownable.sol
15 function proposeNewOwner(address _newOwnerProposal) external {
16     senderCheckOwner();
17     _newOwner = _newOwnerProposal;
18     emit NewOwnerProposed(_owner, _newOwnerProposal);
19 }
20
21 function claimOwnership() external {
22     if (msg.sender != _newOwner) {
23         revert Errors.InvalidSender();
24     }
25     address _oldOwner = _owner;
26     _owner = _newOwner;
27     emit ClaimedOwnership(_owner, _oldOwner);
28 }

Recommendation:

We advise the code to also zero out the _newOwner entry, ensuring that ownership cannot be claimed more than once without proposing first.

Alleviation (c740f7c6b5ebd365618fd2d7ea77370599e1ca11):

The Ownable::claimOwnership function was updated to delete the previous _newOwner, alleviating this exhibit.
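
The repeated claim described in this exhibit and the effect of the fix, as an added Python model that is not the audited Solidity code. It assumes senderCheckOwner() reverts unless the caller is the current owner; the addresses, the clear_on_claim flag and the redundant_claims helper are constructed for illustration.

```python
ZERO = "0x0"  # stand-in for address(0); msg.sender can never equal it on-chain


class InvalidSender(Exception):
    """Stands in for the Errors.InvalidSender() revert."""


class Ownable:
    def __init__(self, owner, clear_on_claim):
        self.owner = owner
        self.new_owner = ZERO
        self.clear_on_claim = clear_on_claim  # True models the remediated contract
        self.events = []  # (name, arg1, arg2) tuples in emission order

    def propose_new_owner(self, sender, proposal):
        if sender != self.owner:  # assumed behaviour of senderCheckOwner()
            raise InvalidSender()
        self.new_owner = proposal
        self.events.append(("NewOwnerProposed", self.owner, proposal))

    def claim_ownership(self, sender):
        if sender != self.new_owner:
            raise InvalidSender()
        old_owner = self.owner
        self.owner = self.new_owner
        if self.clear_on_claim:
            self.new_owner = ZERO  # the `delete _newOwner` step from the alleviation
        self.events.append(("ClaimedOwnership", self.owner, old_owner))


def redundant_claims(events):
    """Indexes of ClaimedOwnership events whose new and old owner are equal."""
    return [i for i, (name, new, old) in enumerate(events)
            if name == "ClaimedOwnership" and new == old]


def replay(clear_on_claim):
    """Propose once, claim twice; report the second claim's outcome and the event log."""
    c = Ownable("0xA11CE", clear_on_claim)  # constructed sample addresses
    c.propose_new_owner("0xA11CE", "0xB0B")
    c.claim_ownership("0xB0B")
    try:
        c.claim_ownership("0xB0B")  # no fresh proposal was made
        second = "accepted"
    except InvalidSender:
        second = "reverted"
    return second, c.events
```

An off-chain consumer of the unpatched contract's logs can apply the same equality check to discard ClaimedOwnership events that did not change the owner.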