Solidity

Ownable2Step

Ownable2Step is an ownership-transfer pattern where the current owner nominates a pending owner and the pending owner must accept.

Ownable2Step prevents ownership from being accidentally sent to the wrong address.

Ownable2Step Explained in Detail

Ownable2Step makes ownership transfer a two-step process. The current owner sets a pending owner, then the pending owner calls acceptOwnership().

This avoids a common operational mistake: transferring ownership to an address that cannot use it.

Smart contract example

// Step 1: called by the current owner, records newOwner as pending
transferOwnership(newOwner);
// Step 2: later, called from newOwner; ownership moves only now
acceptOwnership();

The old owner remains owner until the pending owner accepts.
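A minimal implementation of the pattern, added here as an illustration (it is not OpenZeppelin's Ownable2Step, and the contract and error names are made up for the example). The point to notice is that transferOwnership only records a nomination, acceptOwnership is gated on msg.sender being that nominee, and owner() is unchanged until acceptance:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative two-step ownable; names are hypothetical, not a library's API.
contract Ownable2StepMinimal {
    address private _owner;
    address private _pendingOwner;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error Unauthorized(address caller);
    error ZeroAddressOwner();

    constructor(address initialOwner) {
        if (initialOwner == address(0)) revert ZeroAddressOwner();
        _transferOwnership(initialOwner);
    }

    modifier onlyOwner() {
        // Only the *current* owner passes; a pending owner has no privileges yet.
        if (msg.sender != _owner) revert Unauthorized(msg.sender);
        _;
    }

    function owner() public view returns (address) {
        return _owner;
    }

    function pendingOwner() public view returns (address) {
        return _pendingOwner;
    }

    // Step 1: nominate. Ownership does not move. Nominating address(0)
    // clears a pending nomination, so a mistaken nominee can be withdrawn.
    function transferOwnership(address newOwner) external onlyOwner {
        _pendingOwner = newOwner;
        emit OwnershipTransferStarted(_owner, newOwner);
    }

    // Step 2: only the nominee can accept. Because the nominee must send a
    // transaction, the nominated address is proven to be usable.
    function acceptOwnership() external {
        if (_pendingOwner == address(0) || msg.sender != _pendingOwner) {
            revert Unauthorized(msg.sender);
        }
        _transferOwnership(msg.sender);
    }

    // Shared state change: clears the nomination and emits the final event,
    // so events always reflect the actual ownership state.
    function _transferOwnership(address newOwner) internal {
        delete _pendingOwner;
        address previousOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(previousOwner, newOwner);
    }
}

// Example consumer with one owner-only function (also hypothetical).
contract Vault is Ownable2StepMinimal {
    uint256 public withdrawalLimit;

    constructor(address initialOwner) Ownable2StepMinimal(initialOwner) {}

    function setWithdrawalLimit(uint256 newLimit) external onlyOwner {
        withdrawalLimit = newLimit;
    }
}
```

The explicit check that a pending owner exists before comparing it to msg.sender is defensive: with a bare equality check, a cleared (zero) pending owner would only be "acceptable" from address(0), which no real account controls, but stating the precondition makes the intent obvious to a reviewer.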

Ownable2Step in Auditing

Ownership transfer is a critical admin path. If the wrong caller can accept ownership, or if pending ownership is confused with current ownership, access control can break.

Auditors check both correctness and operational safety.

Red flags in code

  • acceptOwnership() is callable by anyone.

  • Pending owner gets privileges before accepting.

  • Pending owner cannot be cleared or replaced when needed.

  • Events do not match ownership state.

  • Upgraded contracts mix custom ownership logic with Ownable2Step incorrectly.

How to test or review it

  • Confirm only the pending owner can accept.

  • Confirm old owner remains owner before acceptance.

  • Test wrong-address acceptance and zero-address edge cases.

  • Check owner-only functions during the pending period.

  • Review ownership transfer during deployment and proxy initialization.
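The red flags and review steps above can be turned into a Foundry test suite. The following is an added example, not part of this page or of any project; it assumes OpenZeppelin Contracts 5.x (Ownable2Step, Ownable and its OwnableUnauthorizedAccount error) and forge-std are installed, and the Treasury contract under review is made up for the example. Each test corresponds to one checklist item: only the pending owner can accept, the old owner keeps control until acceptance, the pending owner has no privileges in the meantime, a nomination can be cleared or replaced, and the emitted event matches the resulting state:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

// Hypothetical contract under review: one owner-only setter.
contract Treasury is Ownable2Step {
    uint256 public limit;

    constructor(address initialOwner) Ownable(initialOwner) {}

    function setLimit(uint256 newLimit) external onlyOwner {
        limit = newLimit;
    }
}

contract Ownable2StepReviewTest is Test {
    // Declared locally so vm.expectEmit can match the library's event.
    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);

    Treasury internal treasury;
    address internal owner = makeAddr("owner");
    address internal nominee = makeAddr("nominee");
    address internal stranger = makeAddr("stranger");

    function setUp() public {
        treasury = new Treasury(owner);
        vm.prank(owner);
        treasury.transferOwnership(nominee); // step 1 only
    }

    function test_OldOwnerRemainsOwnerUntilAcceptance() public {
        assertEq(treasury.owner(), owner);
        assertEq(treasury.pendingOwner(), nominee);
        vm.prank(owner);
        treasury.setLimit(1); // old owner still controls the contract
        assertEq(treasury.limit(), 1);
    }

    function test_PendingOwnerHasNoPrivilegesBeforeAccepting() public {
        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, nominee));
        vm.prank(nominee);
        treasury.setLimit(2);
    }

    function test_OnlyPendingOwnerCanAccept() public {
        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, stranger));
        vm.prank(stranger);
        treasury.acceptOwnership();

        vm.prank(nominee);
        treasury.acceptOwnership();
        assertEq(treasury.owner(), nominee);
        assertEq(treasury.pendingOwner(), address(0)); // nomination consumed
    }

    function test_PendingOwnerCanBeClearedAndReplaced() public {
        vm.prank(owner);
        treasury.transferOwnership(address(0)); // withdraw the nomination
        assertEq(treasury.pendingOwner(), address(0));

        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, nominee));
        vm.prank(nominee);
        treasury.acceptOwnership(); // former nominee can no longer accept

        vm.prank(owner);
        treasury.transferOwnership(stranger); // replace with a new nominee
        assertEq(treasury.pendingOwner(), stranger);
    }

    function test_EventMatchesOwnershipState() public {
        vm.expectEmit(true, true, false, false);
        emit OwnershipTransferStarted(owner, stranger);
        vm.prank(owner);
        treasury.transferOwnership(stranger);
        // The event announces a nomination, and the state shows exactly that.
        assertEq(treasury.owner(), owner);
        assertEq(treasury.pendingOwner(), stranger);
    }
}
```

Run with forge test. When reviewing a proxy deployment, add a test that runs the initializer and then these same checks, since the last review item (ownership during deployment and initialization) is where custom ownership code most often diverges from the library's behaviour.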
