F-2025-0009·ownership-transfer-risk

Use of Ownable instead of Ownable2Step enables accidental permanent loss of admin control

Fixed · lottery · pixel-lottery · chainlink-vrf
TL;DR

Both contracts use Ownable rather than Ownable2Step, so a typo'd or unreachable address in transferOwnership() permanently strands ownership and freezes all admin operations.

Severity: LOW
Impact: HIGH
Likelihood: LOW
Method: Manual review
Complexity: LOW
Exploitability: LOW

Description

Both contracts use OpenZeppelin's basic Ownable pattern instead of the safer Ownable2Step variant. This creates a risk of permanent loss of administrative control through accidental ownership transfer to an incorrect or unusable address.

The basic Ownable pattern allows single-transaction ownership transfer via transferOwnership(), which immediately and irreversibly transfers control. If the new owner address is incorrect (due to typos, wrong network, or targeting a contract that cannot call admin functions), the protocol becomes permanently unmanageable.

Given that both contracts have critical owner-controlled functions that manage fund distribution and protocol parameters, loss of ownership would result in:

  • Inability to update protocol configuration
  • Inability to change fund distribution addresses
  • Inability to manage team shares
  • Potential permanent freezing of administrative capabilities

Recommendation

Replace Ownable with Ownable2Step in both contracts:

```solidity
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

// Ownable2Step extends Ownable, so the initial owner is still passed to the Ownable constructor.
contract DPLTeam is Ownable2Step, ReentrancyGuard {
    constructor() Ownable(msg.sender) {}
}

contract PixelLotteryAPE is ReentrancyGuard, Ownable2Step, IVRFSystemCallback {
    constructor(...) Ownable(msg.sender) {}
}
```

The Ownable2Step pattern requires a two-step process:

  1. Current owner calls transferOwnership(newOwner) (ownership becomes pending)
  2. New owner must call acceptOwnership() to confirm the transfer

This prevents accidental permanent loss of control by ensuring the new owner address is valid and accessible before the transfer is finalized.
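
The recovery path described above, written as a Foundry test. This is an added example, not code from the audited contracts: it assumes forge-std and OpenZeppelin Contracts v5, and `AdminGated`, `setPayout` and both addresses are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

// Hypothetical owner-gated contract standing in for the audited ones.
contract AdminGated is Ownable2Step {
    address public payout;
    constructor() Ownable(msg.sender) {}
    function setPayout(address p) external onlyOwner {
        payout = p;
    }
}

contract Ownable2StepTransferTest is Test {
    AdminGated gated;
    address typo = makeAddr("mistyped");     // constructed: address nobody controls
    address newAdmin = makeAddr("newAdmin"); // constructed: intended new owner

    function setUp() public {
        gated = new AdminGated(); // this test contract is the initial owner
    }

    function test_mistypedTransferIsRecoverable() public {
        // Step 1 with the wrong address: only the pending owner changes.
        gated.transferOwnership(typo);
        assertEq(gated.owner(), address(this));
        assertEq(gated.pendingOwner(), typo);

        // Admin functions still work for the current owner.
        gated.setPayout(address(0xBEEF));
        assertEq(gated.payout(), address(0xBEEF));

        // The owner overwrites the pending transfer with the correct address.
        gated.transferOwnership(newAdmin);

        // Step 2: only the current pending owner can finalize.
        vm.prank(typo);
        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, typo));
        gated.acceptOwnership();

        vm.prank(newAdmin);
        gated.acceptOwnership();
        assertEq(gated.owner(), newAdmin);
        assertEq(gated.pendingOwner(), address(0));
    }
}
```

With plain Ownable, the first `transferOwnership(typo)` call would already have moved `owner()` to the unreachable address and the later `setPayout` call would revert.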

Resolution

Golden Grid: Confirmed. Will use Ownable2Step for DPLTeam and Role-based AccessControl for the main lottery contract.

Zealynx: Fixed. Agreed with the discussed solution.

Status: Fixed

© 2026 Zealynx