F-2024-0009·dead-code

Unused Ownable library import in ProofConsumer contract

Acknowledgedbridgenearrainbow-bridgegithub.com/Near-One/rainbow-token-connector
TL;DR

ProofConsumer imports @openzeppelin/contracts/access/Ownable.sol but does not extend or use the library; the import is dead code.

Severity
INFO
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

The ProofConsumer contract includes an import statement for the Ownable library from OpenZeppelin. However, the contract does not extend Ownable or use any of its functionalities. This import is therefore redundant and may indicate that the Ownable functionality was either forgotten or not needed.

03Section · Impact

Impact

The ProofConsumer contract imports the Ownable library from OpenZeppelin but does not utilize it. This can lead to unnecessary bloat in the contract and potential confusion about the contract's intended functionality.

04Section · Recommendation

Recommendation

Recommendations:

  1. Evaluate necessity: determine if the contract needs to include ownership control.
    • If the contract should include ownership functionality, consider using Ownable2Step for a safer two-step ownership transfer process.
    • If the ownership control is not required, remove the import statement to clean up the code.
  2. Implementing ownership control: if ownership control is needed, update the contract to extend Ownable2Step and implement ownership-specific functions.
  3. Removing unnecessary import: if ownership control is not needed, simply remove the import statement.
05Section · Resolution

Resolution

Unresolved.

ZEALYNX SECURITY · published 2024-06-03
F-2024-0009

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx