Lines of code
<https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/Owned.sol#L18-L20&gt;

Vulnerability details

Impact

This finding highlights a potential security risk related to the lack of safeguards when changing ownership in the DNSSECImpl.sol contract. As it stands, the current implementation allows for the owner to be set toaddress(0), which could result in the loss of control over critical functions, leading to protocol failure.

Proof of Concept

The DNSSECImpl.sol contract inherits from a customOwned.sol contract that lacks proper checks when changing ownership.

OpenZeppelin’s Ownable.sol includes the necessary check to prevent setting the owner toaddress(0), and it should be implemented in any custom Ownable contract:Ownable.sol

File: contracts/dnssec-oracle/DNSSECImpl.sol

import "./Owned.sol";

The setOwner function inOwned.soldoes not prevent setting the new owner toaddress(0) and does not implement a two-step transfer ownership pattern:

File: contracts/dnssec-oracle/Owned.sol

function setOwner(address newOwner) public owner_only {
    owner = newOwner;
}

Functions with owner_only access:

File: contracts/dnssec-oracle/DNSSECImpl.sol
function setAlgorithm(uint8 id, Algorithm algo) public owner_only {
    algorithms[id] = algo;
    emit AlgorithmUpdated(id, address(algo));
}
function setDigest(uint8 id, Digest digest) public owner_only {
    digests[id] = digest;
    emit DigestUpdated(id, address(digest));
}

Tools Used

Manual Reveiw

Recommended Mitigation Steps

To address this security issue, it is recommended to use the OpenZeppelin Ownable.sol contract, which is a trusted and robust solution within the community:

OpenZeppelin’s Ownable: <https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol&gt;

---

The text was updated successfully, but these errors were encountered:

All reactions