dinesh
medium
The onlyOwner modifier in the function causes some security issues
At https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/libraries/resolver/Lib_AddressManager.sol#L32 https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/L1/messaging/L1CrossDomainMessenger.sol#L99
function setAddress(string memory _name, address _address) external onlyOwner {
bytes32 nameHash = _getNameHash(_name);
address oldAddress = addresses[nameHash];
addresses[nameHash] = _address;
emit AddressSet(_name, _address, oldAddress);
}It's important to ensure that the owner-granting mechanism itself is secure as if an attacker were to gain control of the owner's address they would be able to execute this function.
function setAddress(string memory _name, address _address) external onlyOwner {
bytes32 nameHash = _getNameHash(_name);
address oldAddress = addresses[nameHash];
addresses[nameHash] = _address;
emit AddressSet(_name, _address, oldAddress);
}Manual Review
Use a more secure mechanism for granting and revoking ownership: Instead of using a single address variable to represent the contract owner, consider using a multisignature mechanism or a time-locked contract that requires multiple parties to confirm ownership changes.