Category: Business Logic

Centralization risk

Severity: Informational
Impact: Informational
Likelihood: N/A

Description

The contract grants many permissions to the owner. These include the following:

  • Pausing/unpausing the contract, potentially stopping the protocol

  • Setting the migrator, which can be used to steal funds from unsuspecting users

  • Recovering tokens sent to the contract that are not supported — a malicious owner may not return the funds

Impact

As mentioned above, a compromised owner account can permanently halt the protocol, causing users' deposited tokens to be frozen, or maliciously configure the migrator contract to steal users' funds. This poses some centralization risk and requires extra trust from the user.

Recommendations

Protect the owner account appropriately, for example with a multisig wallet, or design the protocol to be less centralized.

Remediation

SatLayer acknowledged this risk and plans to transfer ownership of the contract to a multi-signature wallet and consider implementing a time lock governor.
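
The time lock mentioned in the remediation, sketched as an added example (not SatLayer's or Zellic's code): a migrator change is queued on chain and can only be activated after a delay, which gives depositors a window to review the candidate and withdraw. The contract name, function names, events and the 7-day delay are assumptions made for illustration.

```solidity
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical and not taken from
// the SatLayer Pool code base.
contract TimelockedMigratorConfig {
    uint256 public constant MIGRATOR_DELAY = 7 days; // assumed exit window

    address public owner;           // intended to be a multisig wallet
    address public migrator;        // currently active migrator
    address public pendingMigrator; // announced but not yet active
    uint256 public migratorEta;     // earliest activation time; 0 = none queued

    event MigratorQueued(address indexed candidate, uint256 eta);
    event MigratorCancelled(address indexed candidate);
    event MigratorActivated(address indexed migrator);

    error NotOwner();
    error NothingQueued();
    error DelayNotElapsed(uint256 eta);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address multisig) {
        owner = multisig;
    }

    // Step 1: announce the change so it is visible before it takes effect.
    function queueMigrator(address candidate) external onlyOwner {
        pendingMigrator = candidate;
        migratorEta = block.timestamp + MIGRATOR_DELAY;
        emit MigratorQueued(candidate, migratorEta);
    }

    // A queued change can be aborted, e.g. if it was not authorized.
    function cancelMigrator() external onlyOwner {
        if (migratorEta == 0) revert NothingQueued();
        emit MigratorCancelled(pendingMigrator);
        delete pendingMigrator;
        delete migratorEta;
    }

    // Step 2: the new migrator becomes active only after the delay.
    function activateMigrator() external onlyOwner {
        if (migratorEta == 0) revert NothingQueued();
        if (block.timestamp < migratorEta) revert DelayNotElapsed(migratorEta);
        migrator = pendingMigrator;
        delete pendingMigrator;
        delete migratorEta;
        emit MigratorActivated(migrator);
    }
}
```

The delay only protects users if withdrawals stay available while a change is queued, so the pause switch should not be able to block withdrawals during that window.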
