Elegant Arctic Stork
High
Variable shadowing in the owner reassignment function ( changeOwner )will cause a complete failure of ownership transfer for the protocol as any caller attempting to change ownership will result in an ineffective state change.
In AuctionFactory.sol:218 the function parameter owner shadows the state variable owner, causing the assignment to modify the parameter instead of the state variable:
- Current owner needs to call changeOwner() within 6 hours of contract deployment
- State variable owner must be initialized (done in constructor)
NA
- Current owner calls changeOwner() with new owner address
- Function executes successfully but state variable remains unchanged
- Original owner retains control despite appearing to transfer ownership
- New intended owner has no access to owner functions
- Permanent inability to transfer ownership
- Risk of protocol being locked if original owner loses access
- No way to update critical protocol parameters that require owner access
- Potential need for contract redeployment to fix ownership issues
function testOwnershipTransferFails() public {
address newOwner = address(0x123);
address originalOwner = auctionFactory.owner();
vm.prank(originalOwner);
auctionFactory.changeOwner(newOwner);
assertEq(auctionFactory.owner(), originalOwner); // Still points to original owner
assertTrue(auctionFactory.owner() != newOwner); // New owner not set
}function changeOwner(address _newOwner) public {
require(msg.sender == owner, "Only owner");
require(deployedTime + 6 hours > block.timestamp, "6 hours passed");
require(_newOwner != address(0), "Zero address");
owner = _newOwner; // Fixed assignment
}The fix involves:
- Renaming the parameter to avoid shadowing
- Adding zero address check
- Properly assigning the new owner to the state variable