Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Silo Staking>Threat Model>Message: ExecuteMsg::TransferOwnership
GeneralOverview
Findings
High (1)
Low (1)
Threat ModelWhat are threat models?
hub-execute.rsMessage: ExecuteMsg::BondMessage: execute::check_received_coin_msgMessage: ExecuteMsg::DonateMessage: ExecuteMsg::HarvestMessage: ExecuteMsg::RebalanceMessage: ExecuteMsg::ReconcileMessage: execute::reinvestMessage: ExecuteMsg::SubmitBatchMessage: ExecuteMsg::TuneDelegationsMessage: ExecuteMsg::AcceptOwnershipMessage: ExecuteMsg::AddValidatorMessage: ExecuteMsg::CallbackMessage: ExecuteMsg::DropOwnershipProposalMessage: ExecuteMsg::RemoveValidatorMessage: ExecuteMsg::TransferOwnershipMessage: ExecuteMsg::QueueUnbondMessage: ExecuteMsg::UpdateConfigMessage: ExecuteMsg::VoteMessage: ExecuteMsg::VoteWeightedMessage: ExecuteMsg::WithdrawUnbonded
token-execute.rs
Audit ResultsSummary

Message: ExecuteMsg::TransferOwnership

This message can only be invoked by the owner and is used to transfer contract ownership.

The only controllable parameter is new_owner — the address of the newly proposed owner.

The address of the new owner is updated in state.new_owner. However, the ownership does not get changed in this function itself.

Zellic © 2025Back to top ↑