Centralization risk
There are four types of privileged accounts for the Token contract:
The minter
The burner
The upgrader
The owner
The minter can mint any number of new PROS tokens to any account.
The burner can burn tokens that were requested to be burned. However, user funds that are requested to be burned are not fully locked since a new burn request with a lower amount can be made to recover the difference. Since a burn request with a zero amount is not allowed, at least one token would be locked in the contract.
The upgrader can upgrade the contract to a new implementation.
The owner has the DEFAULT_ADMIN_ROLE
role and thus can grant or revoke any of the previous roles. In addition, the owner can withdraw the former PROS tokens that have been swapped and transfer them to any receiver. Those tokens can be swapped again against new PROS tokens. The owner is also able to pause and unpause the contract.
The above introduces centralization risks that users should be aware of, as they grant a single point of control over the system.
We recommend that these centralization risks be clearly documented for users so that they are aware of the extent of the owner's control over the contract. This can help users make informed decisions about their participation in the project. Additionally, clear communication about the circumstances in which the owner may exercise these powers can help build trust and transparency with users. Therefore, it is recommended to implement additional measures to mitigate these risks, such as implementing a multi-signature requirement for owner access.