Escrow can be bricked after renounce ownership

Moderate
banteg published GHSA-vpxq-238p-8q3m Sep 15, 2021

Package

yearn-vesting-escrow (ethereum)

Affected versions

v0.1.0

Patched versions

v0.2.0

Description

Impact

An escrow can be re-initialized after a call to renounce_ownership, rendering the funds inaccessible.

The initialize function checks for a non-zero admin to decide whether the escrow has already been initialized, and renounce_ownership erases admin. This potentially allows bricking the remaining funds in the escrow by re-initializing it. Re-initialization does not allow stealing funds from the escrow.

We have verified the live escrows on Ethereum mainnet and have found none affected.

Patches

The issue has been patched by adding a dedicated initialized variable for the re-initialization check instead of relying on the unrelated admin variable.
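
The guard before and after the patch, as a Python model added here for illustration (it is not the project's Vyper code). Only admin, initialized, initialize and renounce_ownership come from the advisory; the recipient field, the patched switch and the addresses are assumptions.

```python
ZERO = "0x" + "00" * 20  # zero address


class Escrow:
    """Model of the initialize / renounce_ownership state logic only."""

    def __init__(self, patched: bool):
        self.patched = patched       # assumed switch: False = v0.1.0, True = v0.2.0
        self.admin = ZERO
        self.recipient = ZERO        # assumed field standing in for escrow parameters
        self.initialized = False     # dedicated flag, only consulted when patched

    def _already_initialized(self) -> bool:
        if self.patched:
            return self.initialized  # dedicated variable, never cleared
        return self.admin != ZERO    # unrelated variable doubling as the guard

    def initialize(self, admin: str, recipient: str) -> None:
        if self._already_initialized():
            raise RuntimeError("already initialized")
        self.initialized = True
        self.admin = admin
        self.recipient = recipient

    def renounce_ownership(self, caller: str) -> None:
        if caller != self.admin:
            raise PermissionError("admin only")
        self.admin = ZERO            # in the unpatched model this also resets the guard


def reinit_succeeds(patched: bool, renounce_first: bool) -> bool:
    """Return True if a second initialize() call is accepted."""
    escrow = Escrow(patched)
    escrow.initialize(admin="0xA11CE", recipient="0xB0B")  # constructed values
    if renounce_first:
        escrow.renounce_ownership(caller="0xA11CE")
    try:
        escrow.initialize(admin="0xEEE", recipient="0xEEE")
    except RuntimeError:
        return False
    return escrow.recipient == "0xEEE"  # stored parameters were overwritten


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched",
              "re-init after renounce accepted:", reinit_succeeds(patched, True))
```

The same state sequence makes a regression test for any initializer guard: initialize, renounce, then assert that a second initialize reverts.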

Workarounds

If you use a non-patched version, avoid using the renounce_ownership feature.

Acknowledgements

A bounty has been issued to Bunny Girl for finding and responsibly disclosing the issue.

For more information

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs