Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Mantle>Discussion>Centralization risk
GeneralOverview
Findings
High (1)
Low (1)
Informational (2)
DiscussionCentralization riskOwnership transfer
Threat ModelsWhat are threat models?L1MantleToken.solL1StandardBridge.solL2StandardBridge.solMantleTokenMigrator.sol
Audit ResultsSummary

Possible centralization issue

The sweepTokens function gives the owner the ability to transfer any amount of tokens (except BIT and MNT) to any external address.

function sweepTokens(address _tokenAddress, address _recipient, uint256 _amount) public onlyOwner {
    // we can only sweep tokens that are not BIT or MNT to an arbitrary addres
    if ((_tokenAddress == address(BIT_TOKEN_ADDRESS)) || (_tokenAddress == address(MNT_TOKEN_ADDRESS))) {
        revert MantleTokenMigrator_SweepNotAllowed(_tokenAddress);
    }
    ERC20(_tokenAddress).safeTransfer(_recipient, _amount);

    emit TokensSwept(_tokenAddress, _recipient, _amount);
}

Although this is done to rescue tokens that are accidently sent to this contract, there is a possible centralization risk.

Zellic © 2024Back to top ↑