Function inputs need validation
Description
Most of the project's functions are callable only by privileged accounts, such as the OperatorManager. This architecture is atypical in the DeFi space and carries a heightened centralization risk.
For example, in Ledger, similar to issue ref↗, there are functions whose inputs are trusted as received and not validated on chain. The team has stated that this is because the functions are only callable by off-chain controlled components, and that those components perform the necessary checks.
We consider it good practice to validate all function inputs on chain, regardless of whether the function is callable only by off-chain controlled components. Doing so increases the transparency of the system and makes it easier to verify from a security standpoint, since a reviewer can establish the accepted input domain from the contract code alone. It also reduces the room for error in the off-chain components: a malformed call caused by a bug or misconfiguration in an operator is rejected by the contract instead of being committed to state.
Impact
If function inputs are not properly validated, a malformed call from a privileged component is executed as-is, producing unexpected behavior. Depending on the affected functionality, this may lead to loss of funds or other critical issues down the line.
Recommendations
As a general rule of thumb, we recommend validating all function inputs and actions on chain, regardless of whether the function is only callable by off-chain controlled components or not.
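To make the recommendation concrete, the following added Solidity example (not the project's code; the contract names, the IOperatorManager interface and the recordDeposit() function are assumptions) shows an operator-only function in the form described above, where the access check is the only check, next to the same function with its input invariants enforced on chain as well:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. The contract names,
// the IOperatorManager interface and recordDeposit() are assumptions.

interface IOperatorManager {
    function isOperator(address account) external view returns (bool);
}

abstract contract OperatorGated {
    IOperatorManager public immutable operatorManager;

    constructor(IOperatorManager om) {
        operatorManager = om;
    }

    modifier onlyOperator() {
        require(operatorManager.isOperator(msg.sender), "caller is not an operator");
        _;
    }
}

// Before: the access check is the only check. Whatever the off-chain
// component sends is written to storage as-is.
contract LedgerUnchecked is OperatorGated {
    // account => token => amount
    mapping(address => mapping(address => uint256)) public balances;

    event Deposit(address indexed account, address indexed token, uint256 amount);

    constructor(IOperatorManager om) OperatorGated(om) {}

    function recordDeposit(address account, address token, uint256 amount) external onlyOperator {
        // A zero account, an unsupported token or a mistyped amount all succeed,
        // so a bug in the operator's off-chain logic is committed on chain unnoticed.
        balances[account][token] += amount;
        emit Deposit(account, token, amount);
    }
}

// After: the same function, with the invariants the off-chain component is
// supposed to uphold enforced on chain as well. Custom errors keep the reason
// for each revert visible to reviewers and to monitoring.
contract LedgerChecked is OperatorGated {
    mapping(address => mapping(address => uint256)) public balances;
    mapping(address => bool) public supportedTokens;
    uint256 public immutable maxDepositPerCall;

    event Deposit(address indexed account, address indexed token, uint256 amount);

    error ZeroAddress();
    error ZeroAmount();
    error UnsupportedToken(address token);
    error AmountAboveCap(uint256 amount, uint256 cap);

    // Constructor arguments are validated too: a deployment mistake is as
    // much an "off-chain controlled" input as an operator call.
    constructor(IOperatorManager om, address[] memory tokens, uint256 cap) OperatorGated(om) {
        if (cap == 0) revert ZeroAmount();
        for (uint256 i = 0; i < tokens.length; i++) {
            if (tokens[i] == address(0)) revert ZeroAddress();
            supportedTokens[tokens[i]] = true;
        }
        maxDepositPerCall = cap;
    }

    function recordDeposit(address account, address token, uint256 amount) external onlyOperator {
        if (account == address(0)) revert ZeroAddress();
        if (amount == 0) revert ZeroAmount();
        if (!supportedTokens[token]) revert UnsupportedToken(token);
        if (amount > maxDepositPerCall) revert AmountAboveCap(amount, maxDepositPerCall);

        balances[account][token] += amount;
        emit Deposit(account, token, amount);
    }
}
```

The checks in LedgerChecked cost a few hundred gas per call and do not change the happy path; what they change is that the contract's accepted input domain is now readable from the code, and an operator bug reverts with a named error instead of silently corrupting balances. The specific invariants (non-zero account, allow-listed token, per-call cap) are placeholders chosen for the illustration; the real set should be derived from the checks the team states it performs off chain.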
Remediation
The team has acknowledged this issue and has stated that the necessary checks are performed off chain.