Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Definitive LLSD>Discussion>Centralization risk
GeneralOverview
Findings
Low (1)
DiscussionCentralization riskNo salts when calculating hashesTransfer-limit griefing
Threat ModelWhat are threat models?LLSD_EthereumAaveV3Balancer_wstETH_WETH.solMultiUserLLSDStrategy.sol
Audit ResultsSummary

Centralization risk

There are several aspects of the contracts that are centralized, which could be dangerous in case of a security compromise or interruption of service.

The contracts are all upgradable, which allows a compromised Definitive key to steal user funds by upgrading the contract to withdraw and deposit to an attack address.

If the Definitive signing service is ever out of service, users would be unable to withdraw their funds for the duration as a signature is required to withdraw.

Zellic © 2024Back to top ↑