Bug Description
Severity: High
Location: Chainvoice.sol (Admin Section)
Description
The smart contract currently lacks fundamental governance and ownership management capabilities. Specifically:
- No Ownership Transfer: The contract does not have any mechanism to securely transfer ownership to a new wallet address.
- No Ownership Renunciation: The current owner cannot renounce ownership to make the contract fully decentralized and immutable.
- Missing Admin Events: Critical state-changing functions like
setFeeAmount and setTreasuryAddress do not emit events.
Impact
- Permanent Loss of Control: If the current owner's private key is compromised, lost, or needs to be rotated to a multi-sig wallet, there is absolutely no way to migrate control. The contract would be permanently stuck or compromised.
- Lack of Transparency: Off-chain systems, indexers, and DApp interfaces cannot track changes to the protocol's fee or treasury address because no events are broadcasted to the blockchain when they change.
Current Behavior
- The
owner variable is permanently set to the deployer in the constructor.
- Calling
setFeeAmount updates the state but remains invisible to off-chain listeners.
Expected Behavior (Resolution)
*Introduce a ownership transfer (transferOwnership and acceptOwnership) to prevent accidental transfers to incorrect or typo'd addresses.
- Implement Renounce: Add a
renounceOwnership function for future decentralization.
- Emit Events: Broadcast
FeeUpdated, TreasuryUpdated, OwnershipTransferStarted, and OwnershipTransferred events whenever admin changes occur.
Steps to Reproduce
No response
Logs and Screenshots
No response
Environment Details
No response
Impact
Critical - Application is unusable
Code of Conduct
Bug Description
Severity: High
Location:
Chainvoice.sol(Admin Section)Description
The smart contract currently lacks fundamental governance and ownership management capabilities. Specifically:
setFeeAmountandsetTreasuryAddressdo not emit events.Impact
Current Behavior
ownervariable is permanently set to the deployer in theconstructor.setFeeAmountupdates the state but remains invisible to off-chain listeners.Expected Behavior (Resolution)
*Introduce a ownership transfer (
transferOwnershipandacceptOwnership) to prevent accidental transfers to incorrect or typo'd addresses.renounceOwnershipfunction for future decentralization.FeeUpdated,TreasuryUpdated,OwnershipTransferStarted, andOwnershipTransferredevents whenever admin changes occur.Steps to Reproduce
No response
Logs and Screenshots
No response
Environment Details
No response
Impact
Critical - Application is unusable
Code of Conduct