tokencard/contracts

Owner can be a smart contract

Closed this issue · 2 comments

Currently, nothing prevents the owner from being a smart contract. In theory, this opens re-entrancy doors as the onlyOwner() modifier can be bypassed in this way. The isContract() check can be used in order to prevent this scenario.

After examining the contracts carefully, we concluded that no extra damage (than by simply compromising the owner address) can be done by setting the owner as a smart contract.

We don't believe that there are any new attack vectors by having the owner as a smart contract.
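
The `isContract()` check proposed in the issue, written out as an added example (it is not code from tokencard/contracts or from any participant in this thread). `GuardedOwnable` and its function and event names are hypothetical, and Solidity 0.8 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; not taken from tokencard/contracts.
contract GuardedOwnable {
    address private _owner;

    event TransferredOwnership(address indexed from, address indexed to);

    constructor(address initialOwner) {
        _setOwner(initialOwner);
    }

    // Restricts a function to the current owner address.
    modifier onlyOwner() {
        require(msg.sender == _owner, "sender is not the owner");
        _;
    }

    function owner() external view returns (address) {
        return _owner;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        _setOwner(newOwner);
    }

    // Returns true when the address has deployed code at the time of the call.
    // Limitation: the code size is 0 while a contract's constructor is still
    // running, and for an address that receives code only after this check,
    // so the result is a best-effort signal rather than a guarantee.
    function isContract(address account) internal view returns (bool) {
        uint256 size;
        assembly {
            size := extcodesize(account)
        }
        return size > 0;
    }

    // Single place where the owner is written, so both checks always apply.
    function _setOwner(address newOwner) private {
        require(newOwner != address(0), "owner cannot be the zero address");
        require(!isContract(newOwner), "owner cannot be a contract");
        emit TransferredOwnership(_owner, newOwner);
        _owner = newOwner;
    }
}
```

A guard of this kind also rejects multisig wallets and other contract-based accounts as owner, which is a design trade-off to weigh before adopting it.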