
Two-step ownership transfer for critical roles

The MantleTokenMigrator contract uses a one-step ownership transfer. This could be a security risk if a new owner is accidentally set to the wrong address. In such a scenario, ownership could never be recovered, which could render the onlyOwner functions in the contract dysfunctional.

A two-step ownership transfer is recommended for critical admin roles such as owner. In a two-step ownership transfer, the new admin must first claim their role before the ownership transfer is complete. This mitigates the scenario in which a wrong address is supplied.

Zellic © 2024