Single-Step Ownership Transfer used in contracts
MonadexV1Raffle and MonadexV1Factory inherit OpenZeppelin's Ownable, which uses single-step ownership transfer; an incorrect address in transferOwnership can lock the contract permanently.
Description
The MonadexV1Raffle and MonadexV1Factory contracts currently inherit from OpenZeppelin's Ownable contract, which implements a single-step ownership transfer pattern.
While functional, this pattern lacks a confirmation step for the new owner, which could potentially lead to issues if an incorrect address is provided during transfer.
Impact
The contract could become locked, with no address able to execute onlyOwner functions. This would affect:
- The ability to add or remove supported tokens
- Updates to price feed configurations
- Adjustments to raffle parameters or fees
Recommendation
Consider replacing Ownable with OpenZeppelin's Ownable2Step. This implements a two-step ownership transfer process, adding an extra layer of safety.
