Centralization risk

There are two types of privileged accounts for the Memecoin Launcher:

  • The owner

  • The fee recipient

Users can create new tokens but have otherwise no special powers.

The fee recipient has no special power, but it may revert during certain swap operations, preventing those operations from succeeding. They are also able to censor some forum posts, as described in Finding ref.

The owner can withdraw tokens or ETH with the functions recoverToken and recoverETH to drain all liquidity from the contract. They can also change the fee amounts, the DEX router, and the fee recipient at any moment with the setConfig function. Finally, the owner can upgrade the contract and completely change its behavior, up to and including performing any external call from it.

The above introduces centralization risks that users should be aware of, as it grants a single point of control over the system.

We recommend that these centralization risks be clearly documented for users so that they are aware of the extent of the owner's control over the contract. This can help users make informed decisions about their participation in the project. We also recommend implementing additional measures to mitigate these risks, such as requiring a multi-signature for owner access and making the contract pausable, so that users cannot launch or trade tokens during an emergency and withdrawal is allowed only at that time. Additionally, clear communication about the circumstances in which the owner may exercise these powers can help build trust and transparency with users.
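
The sketch below shows one way the pause and withdrawal recommendation could be wired up. It is an added example, not code from the audited contract. It assumes OpenZeppelin Contracts v5 in its non-upgradeable form; the contract name, the launch entry point, and the parameter lists of recoverToken and recoverETH are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added illustration: names and signatures are assumptions, not the audited code.
abstract contract LauncherGuardSketch is Ownable, Pausable {
    using SafeERC20 for IERC20;

    error EthTransferFailed();

    // `multisig` is assumed to be a multi-signature wallet contract, so every
    // onlyOwner call below needs several signers instead of a single key.
    constructor(address multisig) Ownable(multisig) {}

    // Emergency switch, reachable only through the multisig owner.
    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    // Hypothetical user entry point: reverts while the contract is paused.
    function launch(string calldata name, string calldata symbol)
        external payable whenNotPaused returns (address token)
    {
        token = _launch(name, symbol);
    }

    // The launcher's own token-creation logic plugs in here.
    function _launch(string calldata name, string calldata symbol)
        internal virtual returns (address token);

    // Withdrawals are callable only while paused, so the owner cannot pull
    // liquidity during normal operation without first raising a visible
    // Paused event that users and monitors can react to.
    function recoverToken(IERC20 token, address to, uint256 amount)
        external onlyOwner whenPaused
    {
        token.safeTransfer(to, amount);
    }

    function recoverETH(address payable to, uint256 amount)
        external onlyOwner whenPaused
    {
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert EthTransferFailed();
    }
}
```

This narrows when the owner can withdraw but does not constrain setConfig or contract upgrades, which remain owner powers in this sketch.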

Zellic © 2025