Category: Coding Mistakes

Single-step ownership transfer may cause loss of contract ownership

Severity: Informational
Impact: Informational
Likelihood: N/A

Description

The transferOwnership() function is used to transfer ownership of the contract to a different address. This is done in a single step, meaning that the ownership is fully transferred after this function is called.

function transferOwnership(address newOwner) external onlyOwner {
    require(newOwner != address(0), "owner is zero");
    owner = newOwner;
    emit OwnerChanged(newOwner);
}

Impact

The function checks that the new owner is not set to address(0) to prevent an erroneous transfer of ownership. However, there is still a risk that the owner may input an incorrect address for the new owner, either due to a typo or other mistakes. If this happens, it can result in a loss of ownership of the contract, potentially leading to unclaimed funds being permanently locked into the contract.

Recommendations

Consider using a two-step ownership transfer mechanism. See OpenZeppelin's implementation of Ownable2Step.
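
A minimal sketch of the two-step pattern, added here as an illustration; it is not Euler's code and not OpenZeppelin's source. The names pendingOwner and acceptOwnership follow OpenZeppelin's Ownable2Step, while the contract name TwoStepOwned and the OwnerNominated event are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of a two-step ownership transfer.
contract TwoStepOwned {
    address public owner;
    address public pendingOwner; // nominee who has not yet accepted

    event OwnerNominated(address indexed nominee); // hypothetical event name
    event OwnerChanged(address newOwner);          // event name from the snippet above

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnerChanged(msg.sender);
    }

    // Step 1: nominate. `owner` is unchanged, so a mistyped address can be
    // corrected by calling this again. Passing address(0) cancels the
    // nomination, because address(0) can never send the accepting call.
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
        emit OwnerNominated(newOwner);
    }

    // Step 2: the nominee proves control of the address by sending this call.
    // Only then does ownership move.
    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "not pending owner");
        owner = msg.sender;
        delete pendingOwner;
        emit OwnerChanged(msg.sender);
    }
}
```

If the nominated address is wrong, acceptOwnership() is never called from it and the current owner keeps control.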

Remediation

This issue has been acknowledged by Euler Labs Ltd.

Zellic © 2024