Skip to content

Latest commit

 

History

History
50 lines (28 loc) · 1.77 KB

068.md

File metadata and controls

50 lines (28 loc) · 1.77 KB

Lone Mint Kookaburra

High

changeOwner function fails to update the contract owner

Summary

The changeOwner function in the contract fails to update the owner address, rendering the functionality non-operational. This occurs due to a logical error in the assignment statement within the function, where the parameter owner is incorrectly assigned to itself rather than updating the state variable.

Root Cause

https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/376fec45be95bd4bbc929fd37b485076b03ab8b0/Debita-V3-Contracts/contracts/DebitaV3Aggregator.sol#L682-L686

  • In DebitaV3Aggregator.sol#L682-L686, the line owner = owner; assigns the parameter owner to itself, rather than updating the contract's owner state variable. This mistake leads to no effective change in ownership.

similar issue in other two contracts also.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

  • The contract owner cannot be changed, which undermines the flexibility and intended functionality of the changeOwner feature.
  • This could result in operational inefficiencies, as the inability to transfer ownership may block critical administrative actions.

PoC

No response

Mitigation

To fix the issue, modify the function to ensure the state variable owner is updated correctly. Replace:

- owner = owner;
+ this.owner = owner;