Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Singularity>Discussion>Centralization risks
GeneralOverview
Findings
Critical (8)
High (3)
Medium (5)
Low (3)
Informational (5)
DiscussionSome specifications are inaccurateMiMC hash-length extension attackBN254 security levelReturn value of `uniswapLiquidityProvision`Assumption on non-fungible position identifiersRemoved Uniswap positions are keptGas saving in MerkleTreeOperatorGas savings and specification of Mimc254Confusing argument orderCentralization risks
Audit ResultsSummary

Centralization risks

There are several types of privileged accounts for the Singularity contracts, as owners of different types of contracts:

  • Verifier hub

  • Asset pools

  • Asset managers

  • Fee manager

  • Keyring manager

  • Merkle tree operator

  • Relayer hub

An attacker gaining access to most of these privileged accounts could use them to drain the asset pools of funds or do other damage:

  • The owner of a verifier hub can change the verifier contract for the different circuit names. This allows replacing the verifier with one that passes for the attacker's proofs, so that the attacker can, for example, mint notes with arbitrary amounts.

  • The owner of an asset pool can register asset managers for it, and asset managers can release funds from the asset pool directly.

  • The owner of an asset manager can change the address used for various other contracts, such as the verifier hub. By changing the verifier hub to a contract the attacker controls, they can again make any of their proofs succeed, thereby for example minting arbitrary notes.

  • The owner of the fee manager can withdraw collected service fees. Furthermore, they can set the service fee. By setting it to 100%, they will capture all of the value in withdrawals until this is fixed.

  • The owner of the keyring manager can disable keyring checks and change the keyring policy ID.

  • The owner of the Merkle tree operator can set the enabled asset managers, which in turn can add notes to the Merkle tree. Using this, an attacker could add notes for arbitrary amounts.

  • The owner of the relayer hub can add and remove relayers. Removing all relayers would make it impossible to withdraw funds from the darkpool.

Singularity informed us that the above contract owners will be multi-sig wallets. We simply note the above centralization risks here as the verification of the multi-sig mechanism and security of key custody is beyond the scope of this audit.

Zellic © 2024Back to top ↑