Category: Protocol Risks
Centralization risks
Medium Impact
High Severity
Low Likelihood
Description
All critical configuration and fund-custody operations are guarded solely by onlyOwner. The owner can pause deposits, modify caps, rotate signers, and transfer any ERC-20 balance held by the contract to treasury via withdrawToTreasury. There is no user-triggered withdrawal path, and no multi-signature or timelock enforcement, so custody of deposited funds depends entirely on the owner's honesty and on the security of the single owner key.
// Single onlyOwner gate: no delay, no second signer, no per-user accounting.
function withdrawToTreasury(address token, uint256 amount) external onlyOwner {
    IERC20(token).safeTransfer(treasury, amount);
}
Impact
If the owner key is compromised or the owner acts maliciously, the entire deposited USDC balance can be moved to treasury in a single transaction, without user consent and without any window for users to react. This trust assumption may be acceptable during a custodial phase, but it introduces a single point of failure and should be clearly communicated to participants.
Recommendations
Document the custodial model so participants understand that the owner can move their funds, and place the owner role behind a multi-signature wallet so that no single key can trigger withdrawToTreasury. Additionally, consider gating treasury withdrawals and other sensitive configuration changes behind a timelock, giving users a window to observe and exit before a queued withdrawal executes.
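The following is an added example of the recommended pattern, not the audited project's code. It shows a treasury withdrawal that must first be queued by the owner and can only execute after a fixed delay, with the destination pinned to treasury. The contract name, function names, the 2-day delay, and the OpenZeppelin Contracts v5 import paths (Ownable taking an initialOwner argument) are assumptions for illustration; the owner address passed to the constructor is expected to be a multi-signature wallet rather than a single externally owned account.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumes OpenZeppelin Contracts v5
// (Ownable takes an initialOwner argument). Names and the delay are illustrative.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract TimelockedTreasury is Ownable {
    using SafeERC20 for IERC20;

    // Delay between queueing and executing a treasury withdrawal (assumed value).
    // It must be long enough for users to notice a pending withdrawal and react.
    uint256 public constant WITHDRAWAL_DELAY = 2 days;

    // Fixed destination: even a compromised owner key cannot choose another recipient.
    address public immutable treasury;

    struct PendingWithdrawal {
        address token;
        uint256 amount;
        uint256 executableAt; // 0 means no request is queued under this id
    }

    mapping(bytes32 => PendingWithdrawal) public pending;

    event WithdrawalQueued(bytes32 indexed id, address indexed token, uint256 amount, uint256 executableAt);
    event WithdrawalExecuted(bytes32 indexed id, address indexed token, uint256 amount);
    event WithdrawalCancelled(bytes32 indexed id);

    error NothingQueued(bytes32 id);
    error TooEarly(bytes32 id, uint256 executableAt);
    error AlreadyQueued(bytes32 id);

    // `initialOwner` should be a multi-signature wallet so that queueing a
    // withdrawal requires more than one key.
    constructor(address initialOwner, address treasury_) Ownable(initialOwner) {
        treasury = treasury_;
    }

    // Step 1: the owner announces a withdrawal. No funds move yet; the event
    // gives users and monitoring the full delay to observe it.
    function queueWithdrawal(address token, uint256 amount) external onlyOwner returns (bytes32 id) {
        id = keccak256(abi.encode(token, amount, block.timestamp));
        if (pending[id].executableAt != 0) revert AlreadyQueued(id);
        uint256 executableAt = block.timestamp + WITHDRAWAL_DELAY;
        pending[id] = PendingWithdrawal(token, amount, executableAt);
        emit WithdrawalQueued(id, token, amount, executableAt);
    }

    // Step 2: anyone may execute once the delay has elapsed. The request is
    // deleted before the transfer so it cannot be executed twice.
    function executeWithdrawal(bytes32 id) external {
        PendingWithdrawal memory w = pending[id];
        if (w.executableAt == 0) revert NothingQueued(id);
        if (block.timestamp < w.executableAt) revert TooEarly(id, w.executableAt);
        delete pending[id];
        IERC20(w.token).safeTransfer(treasury, w.amount);
        emit WithdrawalExecuted(id, w.token, w.amount);
    }

    // The owner can abort a queued withdrawal during the delay, for example if
    // the queue transaction is discovered to have come from an unauthorized signer.
    function cancelWithdrawal(bytes32 id) external onlyOwner {
        if (pending[id].executableAt == 0) revert NothingQueued(id);
        delete pending[id];
        emit WithdrawalCancelled(id);
    }
}
```

Compared with the audited withdrawToTreasury, this version separates intent from execution: the owner's key (ideally a multi-sig) can only schedule a transfer to the fixed treasury address, and the transfer itself cannot happen before WITHDRAWAL_DELAY has passed, so a compromised key no longer yields immediate, unobservable loss of all deposits.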