-
Notifications
You must be signed in to change notification settings - Fork 1
/
SafeOwner.sol
33 lines (25 loc) · 1.27 KB
/
SafeOwner.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
pragma solidity ^0.8.16;
//import "forge-std/console.sol";
import "@openzeppelin/contracts/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
// Consider an Upgradable Contract that exclusively employs functions protected by onlyOwner, without relying on the OwnableUpgradable OZ Library. Instead, it utilizes the standard Ownable library, with the owner being set during the contract's constructor execution.
// Utilizing the Ownable library in an Upgradable contract results in a critical issue: the owner's address is never set to the caller and it is address(0).
// The code presented here is a simulated representation of the actual bug I encountered during an audit.
contract SafeOwner is UUPSUpgradeable, Initializable, Ownable {
bool public collectFee;
address public immutable WBNB;
function _authorizeUpgrade(address newImplementation) internal pure override {
(newImplementation);
// _onlyOwner();
}
constructor(address _wbnb) {
WBNB = _wbnb;
}
function initialize() public initializer {
collectFee = true;
}
function shouldCollectFee(bool _collectFee) external onlyOwner {
collectFee = _collectFee;
}
}