Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Chateau>High findings>Centralization risks
GeneralOverview
Findings
Critical (3)
High (1)Centralization risks
Informational (2)
DiscussionMultiple variables have typos in their namesAdditional checksStates not updatedUser is not AmericanAdditional concerning areas
Threat ModelWhat are threat models?Share.solStakingPool.solUSDT.solVaultPool.sol
Audit ResultsSummary
Category: Protocol Risks

Centralization risks

High Severity
Medium Impact
Low Likelihood

Description

The StakingPool contract has a few centralization risks that could potentially lead to a single point of failure or to a single entity having too much control over the pool's operations. For example, the withdraw function allows the owner to withdraw all the liquidity from the pool, and the setRate function allows the owner to change the rate at which redeemToken is swapped for issueToken.

In StakingPool:

function withdraw() public onlyOwner {
    uint balance = issueToken.balanceOf(address(this));
    issueToken.safeTransfer(msg.sender, balance);
    indexStar = indexEnd;
    pendingLiquidation = 0;
    emit AdminWithdraw(msg.sender, balance);
}

function setRate(uint _rate) public onlyOwner {
    rate = _rate;
    emit RateChange(_rate);
}

In VaultPool:

function withdraw() public onlyOwner {
    uint balance = issueToken.balanceOf(address(this));
    issueToken.safeTransfer(msg.sender, balance);
    _pause();
    emit AdminWithdraw(msg.sender, balance);
}

Impact

The owner of the StakingPool and VaultPool contracts has the ability to withdraw all the liquidity from the pool and to change the rate at which redeemToken is swapped for issueToken. In the case where a malicious actor gets control of the owner's account, this could potentially lead to a rug pull or to the owner manipulating the pool's swap rates to their advantage.

Recommendations

We recommend reevaluating the withdraw and setRate functions to ensure that the owner's control over the pool's operations is limited and that the pool's liquidity is not at risk of being withdrawn by the owner. This could be achieved by removing the withdraw function or enforcing an in-contract timelock. Additionally, we recommend implementing a more timelocked approach to changing the rate at which redeemToken is swapped for issueToken to prevent the owner from manipulating the pool's swap rates to their advantage very quickly.

Remediation

Chateau Capital states that the centralization aspect is required in order to withdraw the stakes and trade them into real-world assets. They will also use a multi-sig account to control the owner account.

Chateau Capital provided the following list of trust assumptions their users should consider when purchasing tokens.

Tokens issued by Chateau Protocol represent shares in an issuing entity, or fund. Investors who participate in token issuances on chateau.capital are placing trust in the integrity of the token offering as stipulated in the offering document, and have full legal recourse against the issuing entity, which may be Chateau Capital Corp. or other parties using Chateau's platform.

To mitigate smart contract risk, Chateau utilizes a 2/3 Multisig for $CHAD.D, and strive to move stablecoins out of the contract as soon as possible during issuance windows. Custody of the underlying instruments are held with the issuing fund, or professional custody firms, with the issuer providing ongoing updates to token holders. Token investors can also contact the Issuer at any time for up to date audits of the underlying assets.

Chateau will also apply for Virtual Asset licenses in several jurisdictions to enhance compliance.

Zellic © 2024Back to top ↑