4 matches found
SingleAdminAccessControl contract allows admin to be transferred without removing old admin first
Lines of code Vulnerability details Description The SingleAdminAccessControl contract allows the admin role to be transferred to a new address without first removing the old admin. This is a security vulnerability, as it allows a malicious admin to transfer the role to a new address and then lock...
Unauthorized Admin Transfer Vulnerability
Lines of code Vulnerability details Description The bug in this contract is that it doesn't handle the case when the pendingAdmin is set to the zero address address0. As per the condition msg.sender == address0, the if statement can be bypassed if an attacker sets pendingAdmin to the zero address...
Transferring admins does not work for CToken
Lines of code Vulnerability details Impact The CToken implements an acceptAdmin function that sets the new admin to the pendingAdmin. But CToken does not implement a setPendingAdmin function to set the pendingAdmin in the first place. Therefore, the acceptAdmin function is useless and CTokens can...
Single-step process for critical admin transfer is risky
Handle 0xRajeev Vulnerability details Impact LongShort and Staker contracts have the notion of an “admin” address that is used within onlyAdmin or adminOnly modifiers for granting authorization to critical functions. Such contracts use a single-step ownership transfer of such admin addresses usin...