DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: low
Invalid

Centralization Risks

Summary

Several critical functions rely on an admin role that has overpowered privileges.

Vulnerability Details

There are several critical access-controlled functions, features, and parameter changes that rely on the DAO or the admin. Whereas the DAO is decentralized (e.g. it may be a multisig, governance votes, many individuals, etc.), there is no guarantee that the admin is not a single address, a single account, or a single point of failure.

The admin role has the ability to set unstake fees, set bridge withdrawal fees, set minimum bid and ask values, set TAPP fee percentages, set liquidation times, set matched rates, set collateral ratios, set tithes, etc., as in the example links provided.

While these functions require the DAO or the admin, DAOs tend to be slow, especially when governance, voting, decision making, and execution are involved, which implies the admin has more flexibility and can control the project/protocol faster than the DAO.

Impact

An overpowered admin role is a single point of failure.
The admin role can execute decisions that overwrite DAO decisions, e.g. the DAO goes through a complex and time-consuming process to set new fees and the admin immediately restores the old fee.

Tools Used

Manual Analysis

Recommendations

The admin should not be a single account but e.g. a multisig.
It is recommended that the admin be a subcommittee of the DAO.
It is recommended that the admin role be renounceable or completely removable so that, once the DAO matures, the role is no longer necessary.
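One way to put the above recommendations into code, as an added illustration (this is hypothetical example code, not DittoETH's contracts; the contract, role names, the 5% cap, the 0.25% admin step and the 2-day DAO lock are all assumed values): the DAO keeps full authority over a fee parameter, while a separate operational admin can only move it within a hard cap, by small steps, and never while a fresh DAO decision is still locked. The admin role can be replaced by the DAO or renounced outright, so it can be retired once governance matures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical example (not DittoETH code): a fee parameter that both a DAO
/// and an operational admin may change, with the admin bounded and removable.
contract BoundedAdminParams {
    address public dao;   // slow path: governance (assumed to be a multisig/timelock)
    address public admin; // fast path: operational role, bounded and renounceable

    uint16 public constant MAX_FEE_BPS = 500;   // hard cap for any role (5%), assumed value
    uint16 public constant ADMIN_STEP_BPS = 25; // admin may move the fee at most 0.25% per call
    uint16 public feeBps;

    // A DAO decision is pinned for DAO_LOCK so the admin cannot immediately undo it.
    uint256 public constant DAO_LOCK = 2 days;
    uint256 public daoSetAt;

    event FeeSet(address indexed by, uint16 oldFee, uint16 newFee);
    event AdminChanged(address indexed oldAdmin, address indexed newAdmin);

    error NotAuthorized();
    error FeeTooHigh(uint16 requested, uint16 max);
    error AdminStepTooLarge(uint16 oldFee, uint16 newFee);
    error DaoLockActive(uint256 until);

    constructor(address _dao, address _admin, uint16 _feeBps) {
        if (_feeBps > MAX_FEE_BPS) revert FeeTooHigh(_feeBps, MAX_FEE_BPS);
        dao = _dao;
        admin = _admin;
        feeBps = _feeBps;
    }

    modifier onlyDao() {
        if (msg.sender != dao) revert NotAuthorized();
        _;
    }

    modifier onlyAdmin() {
        // Once admin is address(0) nobody can pass this check, so only the DAO path remains.
        if (admin == address(0) || msg.sender != admin) revert NotAuthorized();
        _;
    }

    /// DAO may set any value up to the hard cap and pins it for DAO_LOCK.
    function setFeeByDao(uint16 newFee) external onlyDao {
        if (newFee > MAX_FEE_BPS) revert FeeTooHigh(newFee, MAX_FEE_BPS);
        emit FeeSet(msg.sender, feeBps, newFee);
        feeBps = newFee;
        daoSetAt = block.timestamp;
    }

    /// Admin may only nudge the fee by ADMIN_STEP_BPS, never above the cap, and
    /// never while a recent DAO decision is still locked.
    function setFeeByAdmin(uint16 newFee) external onlyAdmin {
        if (newFee > MAX_FEE_BPS) revert FeeTooHigh(newFee, MAX_FEE_BPS);
        uint256 lockedUntil = daoSetAt + DAO_LOCK;
        if (block.timestamp < lockedUntil) revert DaoLockActive(lockedUntil);
        uint16 old = feeBps;
        uint16 delta = newFee > old ? newFee - old : old - newFee;
        if (delta > ADMIN_STEP_BPS) revert AdminStepTooLarge(old, newFee);
        emit FeeSet(msg.sender, old, newFee);
        feeBps = newFee;
    }

    /// DAO can rotate the admin to another account (e.g. a subcommittee multisig)
    /// or remove it entirely by passing address(0).
    function setAdmin(address newAdmin) external onlyDao {
        emit AdminChanged(admin, newAdmin);
        admin = newAdmin;
    }

    /// Admin can give up the role itself; it cannot be re-acquired except via the DAO.
    function renounceAdmin() external onlyAdmin {
        emit AdminChanged(admin, address(0));
        admin = address(0);
    }
}
```

The design point is that the admin's fast path is strictly weaker than the DAO's: it cannot exceed the cap, cannot make a large jump, and cannot revert a DAO decision inside the lock window, which addresses the "DAO sets a fee, admin restores the old one" scenario described above. Bounding the admin this way is also what the judge's invalidation reason (admin input/call validation) points at: the practical mitigation for an overpowered admin is to constrain what its calls can do, not only who holds the key.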

Updates

Lead Judging Commences

0xnevi Lead Judge
about 2 years ago
Submission Judgement Published
Invalidated
Reason: Admin Input/call validation
