MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Invalid

Centralization risk for trusted owners

Description: The ContestManager contract has a centralization risk due to its reliance on the onlyOwner modifier. This means that the contract's critical functions can only be executed by the owner. This includes creating, funding, and closing contests, which centralizes control and decision-making power in a single entity or account.

Impact:

  • Single Point of Failure: If the owner loses access to their account (e.g., private key compromise), the contract's functionality could be disrupted.

  • Malicious Actions: The owner could potentially act maliciously, such as misappropriating funds or manipulating contest outcomes.

  • Lack of Transparency: Participants in the contests may have reduced trust due to the centralized control.

Proof of Concept: The following functions in the ContestManager contract demonstrate centralization risk:

  • ContestManager::createContest: Only the owner can create new contests.

  • ContestManager::fundContest: Only the owner can fund contests.

  • ContestManager::closeContest: Only the owner can close contests.

Example of centralization in code:

function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)
    public
    onlyOwner
    returns (address)
{
    // Owner-only action
}

function fundContest(uint256 index) public onlyOwner {
    // Owner-only action
}

function closeContest(address contest) public onlyOwner {
    // Owner-only action
}

Recommended Mitigation: Decentralized Governance: Implement a multi-signature wallet or DAO (Decentralized Autonomous)
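
The multi-signature option can be illustrated with the sketch below, an added example that is not part of the original submission or of the MyCut code base. QuorumOwner and all of its members are hypothetical names; it gates only closeContest, uses the signature shown above, and assumes ContestManager's owner can be set to this contract's address (for example via OpenZeppelin Ownable).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Interface limited to the closeContest signature quoted in the finding.
interface IContestManager {
    function closeContest(address contest) external;
}

/// Hypothetical k-of-n gate for illustration. Assumption: this contract has
/// been made the owner of ContestManager, so onlyOwner checks see its address.
contract QuorumOwner {
    IContestManager public immutable manager;
    uint256 public immutable threshold;
    mapping(address => bool) public isSigner;
    mapping(address => mapping(address => bool)) public approved; // contest => signer => voted
    mapping(address => uint256) public approvals;                 // contest => vote count

    event CloseApproved(address indexed contest, address indexed signer, uint256 count);
    event CloseExecuted(address indexed contest);

    constructor(IContestManager _manager, address[] memory signers, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= signers.length, "bad threshold");
        for (uint256 i = 0; i < signers.length; i++) {
            // Reject the zero address and duplicates so one key cannot count twice.
            require(signers[i] != address(0) && !isSigner[signers[i]], "bad signer");
            isSigner[signers[i]] = true;
        }
        manager = _manager;
        threshold = _threshold;
    }

    /// Each signer approves once per contest; the approval that reaches the
    /// threshold forwards the call. If closeContest reverts, that approval is
    /// rolled back as well, so the same signer can retry later.
    function approveClose(address contest) external {
        require(isSigner[msg.sender], "not signer");
        require(!approved[contest][msg.sender], "already approved");
        approved[contest][msg.sender] = true;
        uint256 count = ++approvals[contest];
        emit CloseApproved(contest, msg.sender, count);
        if (count == threshold) {
            emit CloseExecuted(contest);
            manager.closeContest(contest); // ContestManager sees this contract as msg.sender
        }
    }
}
```

With threshold set to 2 and three signers, a single compromised or malicious key can no longer close a contest alone, which addresses the single point of failure listed under Impact.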

Updates

Lead Judging Commences

equious Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
