Omniscia Transient Audit
Owned Manual Review Findings
OWN-01M: Pull-Over-Push Pattern
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | Owned.sol:L18-L21 |
Description:
The `transferOwnership` function of the `Owned` contract overwrites the existing `owner` with the `_newOwner` without ensuring that the new owner is aware of the ownership or can make transactions on the blockchain.
Example:
tsc-contracts/contracts/Owned.sol
```solidity
function transferOwnership(address payable _newOwner) public onlyOwner {
    owner = _newOwner;
    emit OwnershipTransferred(msg.sender, _newOwner);
}
```
Recommendation:
We advise the pull-over-push pattern to be applied here, whereby a new owner is first proposed and must subsequently accept ownership to become the new owner of the contract, ensuring they are aware of the contract's existence.
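The two-step transfer recommended above, as an added example that is not the audited project's code. The compiler version, the event parameter names, and the names `pendingOwner`, `acceptOwnership` and `OwnershipTransferProposed` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
// Added illustration. Compiler version and every name other than owner,
// onlyOwner, transferOwnership and OwnershipTransferred are assumptions.
pragma solidity ^0.8.0;

contract Owned {
    address payable public owner;
    // Hypothetical: candidate that has been proposed but has not yet accepted.
    address payable public pendingOwner;

    event OwnershipTransferProposed(address indexed currentOwner, address indexed proposedOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() {
        require(msg.sender == owner, "Owned: caller is not the owner");
        _;
    }

    constructor() {
        owner = payable(msg.sender);
    }

    // Step 1: the current owner only records a candidate; `owner` is unchanged,
    // so a mistyped or unusable address cannot lock the contract.
    // Calling again replaces the candidate; address(0) cancels the proposal.
    function transferOwnership(address payable _newOwner) public onlyOwner {
        pendingOwner = _newOwner;
        emit OwnershipTransferProposed(owner, _newOwner);
    }

    // Step 2: only the proposed address can complete the transfer, which
    // proves it can sign transactions on this chain.
    function acceptOwnership() public {
        require(msg.sender == pendingOwner, "Owned: caller is not the pending owner");
        address previousOwner = owner;
        owner = pendingOwner;
        pendingOwner = payable(address(0)); // clear so the acceptance cannot be replayed
        emit OwnershipTransferred(previousOwner, owner);
    }
}
```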
Alleviation:
The contract has since been omitted from the codebase, rendering this exhibit no longer applicable.