Submission Details
Severity: medium

The `owner` is a single point of failure and a centralization risk

Summary

The owner role is a single point of failure: every critical function is gated by onlyOwner, so one account controls the protocol, which is a centralization issue.

Vulnerability Details

Having a single EOA as the only owner of the contracts is a large centralization risk and a single point of failure. A single private key can be stolen in a hack, or the sole holder of the key may lose access to it when it is needed.

Code Snippet

```solidity
// Ownable.sol, line 19
function transferOwnership(address _owner) public virtual onlyOwner {

// Beedle.sol, line 36
function mint(address to, uint256 amount) external onlyOwner {

// Lender.sol, lines 84, 92, 100
function setLenderFee(uint256 _fee) external onlyOwner {
function setBorrowerFee(uint256 _fee) external onlyOwner {
function setFeeReceiver(address _feeReceiver) external onlyOwner {
```

Impact

There is always a chance that the owner key is stolen, and in that case the attacker can use these privileged functions (minting, fee and fee-receiver changes, ownership transfer) to damage the project.

Tools Used

Manual

Recommendations

Consider changing to a multi-signature setup, or having a role-based authorization model.
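The following is an added illustration of the recommended role-based model, not code from the Beedle repository. It replaces the single `onlyOwner` EOA with separate roles, expects the admin role to be held by a multi-signature wallet, and uses a two-step handover so the admin role cannot be handed to a mistyped address. The contract name, role names (`ADMIN_ROLE`, `FEE_ADMIN_ROLE`), the `MAX_FEE` bound and the two-step transfer are assumptions made for this example; only the fee setters mirror the functions quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not Beedle's code: a minimal role-based authorization
/// model in place of a single onlyOwner EOA. Names are assumptions.
contract RoleGatedLender {
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
    bytes32 public constant FEE_ADMIN_ROLE = keccak256("FEE_ADMIN_ROLE");
    uint256 public constant MAX_FEE = 1000; // assumed cap, in basis points

    // role => account => granted
    mapping(bytes32 => mapping(address => bool)) private _roles;

    // Two-step admin handover: the new admin must call acceptAdmin(),
    // so a wrong address in transferAdmin() does not strand the protocol.
    address public pendingAdmin;

    uint256 public lenderFee;
    uint256 public borrowerFee;
    address public feeReceiver;

    event RoleGranted(bytes32 indexed role, address indexed account);
    event RoleRevoked(bytes32 indexed role, address indexed account);
    event AdminTransferStarted(address indexed newAdmin);
    event AdminTransferred(address indexed newAdmin);

    modifier onlyRole(bytes32 role) {
        require(_roles[role][msg.sender], "missing role");
        _;
    }

    /// @param admin    should be a multi-signature wallet, not an EOA
    /// @param feeAdmin operational account limited to fee parameters
    constructor(address admin, address feeAdmin, address _feeReceiver) {
        require(admin != address(0) && feeAdmin != address(0), "zero address");
        require(_feeReceiver != address(0), "zero address");
        _grant(ADMIN_ROLE, admin);
        _grant(FEE_ADMIN_ROLE, feeAdmin);
        feeReceiver = _feeReceiver;
    }

    function hasRole(bytes32 role, address account) public view returns (bool) {
        return _roles[role][account];
    }

    // ---- role management: admin only ----
    function grantRole(bytes32 role, address account) external onlyRole(ADMIN_ROLE) {
        _grant(role, account);
    }

    function revokeRole(bytes32 role, address account) external onlyRole(ADMIN_ROLE) {
        _roles[role][account] = false;
        emit RoleRevoked(role, account);
    }

    function transferAdmin(address newAdmin) external onlyRole(ADMIN_ROLE) {
        require(newAdmin != address(0), "zero address");
        pendingAdmin = newAdmin;
        emit AdminTransferStarted(newAdmin);
    }

    /// Only the designated pending admin can complete the handover; the
    /// previous admin can then be revoked by the new one if desired.
    function acceptAdmin() external {
        require(msg.sender == pendingAdmin, "not pending admin");
        pendingAdmin = address(0);
        _grant(ADMIN_ROLE, msg.sender);
        emit AdminTransferred(msg.sender);
    }

    // ---- fee parameters: fee admin only, and bounded ----
    function setLenderFee(uint256 _fee) external onlyRole(FEE_ADMIN_ROLE) {
        require(_fee <= MAX_FEE, "fee too high");
        lenderFee = _fee;
    }

    function setBorrowerFee(uint256 _fee) external onlyRole(FEE_ADMIN_ROLE) {
        require(_fee <= MAX_FEE, "fee too high");
        borrowerFee = _fee;
    }

    function setFeeReceiver(address _feeReceiver) external onlyRole(ADMIN_ROLE) {
        require(_feeReceiver != address(0), "zero address");
        feeReceiver = _feeReceiver;
    }

    function _grant(bytes32 role, address account) internal {
        _roles[role][account] = true;
        emit RoleGranted(role, account);
    }
}
```

Deploying with `admin` set to a multi-signature wallet means no single key can mint, change fees or hand over control; compromise of the operational `feeAdmin` key is limited to bounded fee changes, and the two-step handover removes the risk of transferring the admin role to an address nobody controls.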
