Impact
This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contract after the original owner has renounced ownership.
A malicious owner could also use this to simulate leaving a contract without an owner and later regain ownership, having proposed themselves as the pending owner beforehand.
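The sequence described above, as an added example that is not the project's code: a simplified Python model of two-step ownership in which renouncing either leaves or clears the pending owner. All class, method and account names are hypothetical, and clearing the pending owner on renounce is an assumed way to close the gap, not a description of the v0.16.0 patch.

```python
# Simplified model of two-step ownership (added illustration; names are hypothetical).
ZERO = 0  # stands for "no account"


class TwoStepOwnable:
    def __init__(self, owner, clear_pending_on_renounce):
        self.owner = owner
        self.pending_owner = ZERO
        # False models the behaviour the advisory describes; True is the assumed hardening.
        self.clear_pending_on_renounce = clear_pending_on_renounce

    def _only_owner(self, caller):
        if caller == ZERO or caller != self.owner:
            raise PermissionError("caller is not the owner")

    def transfer_ownership(self, caller, new_owner):
        # Step 1: the owner proposes a pending owner.
        self._only_owner(caller)
        self.pending_owner = new_owner

    def accept_ownership(self, caller):
        # Step 2: only the proposed account may accept.
        if caller == ZERO or caller != self.pending_owner:
            raise PermissionError("caller is not the pending owner")
        self.owner = caller
        self.pending_owner = ZERO

    def renounce_ownership(self, caller):
        self._only_owner(caller)
        self.owner = ZERO
        if self.clear_pending_on_renounce:
            self.pending_owner = ZERO  # a stale proposal cannot outlive the renounce


def invariant_holds(contract):
    """Audit check: an ownerless contract must not have a pending owner."""
    return not (contract.owner == ZERO and contract.pending_owner != ZERO)


def owner_after_renounce(clear_pending_on_renounce):
    alice, bob = 0xA11CE, 0xB0B  # constructed account ids
    c = TwoStepOwnable(alice, clear_pending_on_renounce)
    c.transfer_ownership(alice, bob)
    c.renounce_ownership(alice)
    ok = invariant_holds(c)  # evaluated right after the renounce
    try:
        c.accept_ownership(bob)
    except PermissionError:
        pass  # hardened variant: the old proposal is rejected
    return c.owner, ok
```

The `invariant_holds` check is the property to assert in tests or to monitor on deployed state: owner unset while a pending owner is still recorded.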
Patches
This bug has been patched in v0.16.0.
For more information
If you have any questions or comments about this advisory:
Email us at security@openzeppelin.com