-
Notifications
You must be signed in to change notification settings - Fork 11.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add zero address check in Ownable2Step’s transferOwnership function #5224
Comments
On the other hand, this might not be fully backward compatible, as someone could be using transferOwnership(0) to cancel a pending ownership transfer. In that case, what do you think about documenting this behavior and adding corresponding tests to handle the scenario of canceling an ownership transfer with the zero address? |
Yeah, I think the most point is just like you said, |
Hello @PurrProof
That is incorrect. If a transfer has been initiated, the pending owner is set, and the current owner wants to cancel that transfer, then doing In that case, we could imagine emitting a different event. This would be a backward incompatible change though. |
Yes, thank you, we've discussed this in the previous comments. Could you please take a look at the proposed PR? A comment has been added to the Ownable2Step contract, and the tests have been updated for the zero address case. |
🧐 Motivation
In the
Ownable2Step
contract, thetransferOwnership
function does not check if thenewOwner
address is the zero address. While it's true that the zero-address owner cannot complete the second step to accept ownership, initiating the transfer to the zero address is a meaningless action. In theOwnable
parent contract, this check is enforced, and for consistency and clarity, it would make sense to implement the same check inOwnable2Step
.📝 Details
The
Ownable2Step
contract allows callingtransferOwnership
with a zero address, as seen here:However, in the
Ownable
parent contract, a check is included to ensure thenewOwner
is not the zero address, as seen here:While initiating a transfer to the zero address in
Ownable2Step
doesn't lead to incorrect behavior (since the zero address can't accept ownership), it's still a pointless action. Since we already prevent this in theOwnable
contract, it would be more consistent and logical to include the same validation inOwnable2Step
.If this suggestion is agreeable, I’d be happy to submit a PR for it.
The text was updated successfully, but these errors were encountered: