Centralisation risks: The owner is a single point of failure
Summary
The Beedle protocol, in its current state, manifests a single point of failure due to the over-centralization of authority. The contract owner can manipulate critical functions, which can be potentially harmful as it can lead to a system disruption if the owner is compromised or malicious.
Vulnerability Details
Take the Beedle.sol contract for example, the mint function is subject to this vulnerability. This function is tagged with the onlyOwner modifier which means that only the contract owner has the capability to execute this function.
Take a look at Beedle.sol#L36-L38
The issue here is that if the owner's keys are compromised, an attacker can exploit these critical functions. The attacker can mint an arbitrary amount of tokens, which would lead to significant disruption of the system, token devaluation, and subsequent financial losses for the token holders.
Additionally if the owner is set to an EOA and not a multisig, the issue could even be worse
Impact
Unexpected system disruption and potential financial losses for users.
Tools Used
Manual Audit
Recommended Mitigation
Consider introducing a multi-signature requirement for calling the mint function. This distributes control over critical functions across multiple trusted entities, reducing the single point of failure risk.
Additional Note
The centralization concerns submitted have been flagged as a medium-severity risk in previous contest's discussions, emphasizing the need for awareness amongst users, also the admin privileges issues attached in the discussion link should be checked and relayed to users in the case one affects the Beedle.fi protocol, so users are aware
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.