Assessment reportsPublic findings
Back to Zellic site
Assessment reports>SAX>Discussion>Centralization risk
GeneralOverview
Findings
High (1)
Medium (1)
Informational (1)
DiscussionUnused and redundant fields of structures Checks-effects-interactions patternRedundant if conditions in `getSellPrice` functionCentralization riskInitial mint sellableToken creator can set viralityIncomplete test coverageToken share rounding errors
Threat ModelWhat are threat models?BondingViralityController.solMerkleTokenShare.sol
Audit ResultsSummary

Centralization risk

There are three types of privileged accounts for the BondingViralityController contract:

  • The owner

  • The viralityScoreUpdater

  • The users on the allowlist

The users on the allowlist can create new tokens but have otherwise no special powers.

The viralityScoreUpdater is able to call updateViralityScores to update the virality score for any registered token. An attacker gaining access to the viralityScoreUpdater could use this to drain all liquidity in the contract; by setting virality to zero, buying a lot of tokens at zero cost, setting virality to a high value, and then selling their tokens again, they can extract (part of) the liquidity held by the contract for each token. By repeating this, all liquidity can be drained.

The owner has the same powers as the viralityScoreUpdater but can additionally claim and withdraw different types of fees/yield and set the viralityScoreUpdater and various other settings. For example, the owner can use the togglePaused function to pause and unpause contract state to enable or disable trading. This can lead to the blocking of user funds if it is impossible to sell tokens.

The owner could also use updateTokenShares to drain all liquidity from the contract by submitting the payment token as the token and a Merkle tree that includes shareBbps adding up to more than BPS_MAX, all made out to the owner. See also ref for background on this.

The above introduces centralization risks that users should be aware of, as it grants a single point of control over the system. We recommend that these centralization risks be clearly documented for users so that they are aware of the extent of the owner's control over the contract. This can help users make informed decisions about their participation in the project. Additionally, clear communication about the circumstances in which the owner may exercise these powers can help build trust and transparency with users. Therefore, it is recommended to implement additional measures to mitigate these risks, such as implementing a multi-signature requirement for owner access.

Zellic © 2024Back to top ↑