Fantastic Pickle Starfish
High
In DebitaV3Aggregator.sol:682 anyone can call changeOwner as it is checking whether the msg.sender is equal to the sent address and also the owner cannot be changed by no one as it is resetting the variable passed when calling the function.
In DebitaV3Aggregator.sol:682:
function changeOwner(address owner) public {
require(msg.sender == owner, "Only owner");
require(deployedTime + 6 hours > block.timestamp, "6 hours passed");
owner = owner;
}This check require(msg.sender == owner, "Only owner"); is only checking if the msg.sender is equal to the newly sent address. This means that anyone can call this function with their own address.
Also this line owner = owner; is just setting the newly created variable owner to itself and is not changing the state.
- Using the
changeOwnerfunction
None
None
The functionality of changing owner does not work at all which can cause serious issues in the case in which this operation is critically needed (for example the private key of the already set owner is compromised).
None
Change the function as it follows:
-function changeOwner(address owner) public {
+function changeOwner(address _owner) public {
require(msg.sender == owner, "Only owner");
require(deployedTime + 6 hours > block.timestamp, "6 hours passed");
- owner = owner;
+ owner = _owner;
}