5 matches found
lack of an ownership transfer mechanism
Lines of code Vulnerability details Issue: The code does not have a mechanism to transfer ownership of the contract. In the current implementation, once deployed, the contract owner's address cannot be changed. This can be problematic for contract maintenance and security, as it restricts the...
Unchecked call to transferOwnership() function in CashFactory contract
Lines of code Vulnerability details Summary The deployCash function in the CashFactory contract calls the transferOwnership function on the cashProxyAdmin contract without checking if the call succeeded or not. If the call to transferOwnership fails, the assertcashProxyAdmin.owner == guardian; wi...
A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other...
When a user is given the owner privilege of multiple MIMOProxy through transferOwnership, the user cannot choose which MIMOProxy to use as the current Proxy
Lines of code Vulnerability details Impact currentProxies is only set when the user calls the deployFor function of the MIMOProxyRegistry contract, function deployForaddress owner public override returns IMIMOProxy proxy IMIMOProxy currentProxy = currentProxiesowner; // Do not deploy if the proxy...
MIMOProxy: The transferOwnership function does not update _currentProxies, which causes the core functionality to not work
Lines of code Vulnerability details Impact When the transferOwnership function of the MIMOProxy contract is called, currentProxiesnewOwner is not updated, which causes getCurrentProxynewOwner to return 0 or the wrong MIMOProxy contract address when newOwner executes the function in the current...