Centralization Risk Due to Ownable Privileges (Unilateral Control → Potential Abuse or Misuse of Funds) And Governance issue

Description

• The OrderBook contract inherits from Ownable, giving a single externally owned account (EOA) complete control over several sensitive admin operations. These include:

• Whitelisting or removing allowed tokens.

• Withdrawing collected protocol fees.

• Executing emergency withdrawals of arbitrary ERC20 tokens.

Such powers can lead to complete asset drainage, trading manipulation, or loss of user trust if misused.

Risk

Likelihood:

• Very common pattern: Many contracts start with Ownable during development or MVP.

• However, the likelihood of abuse depends on:

  • The intent and identity of the owner (EOA or multisig?).

  • Whether there's a governance plan in place.

  • If the contract is upgradeable or mutable through owner-only functions.

Impact:

• Users must trust the contract owner not to abuse these privileges.

  Owner can:

  Enable malicious tokens via setAllowedSellToken().

  ​

  Withdraw all user funds in case of emergency access misuse.

  ​

  Redirect accumulated protocol fees without community oversight.

  This risk could discourage participation in a decentralized finance context.

Proof of Concept

Recommended Mitigation

* Introduce multi-signature ownership via a Gnosis Safe or similar mechanism.

• Emit detailed events for all privileged operations (already partially done).

• Add role-based access control using OpenZeppelin’s AccessControl instead of a single owner, if granularity is needed.

• Consider implementing DAO governance or time-locks for: