Centralization risks
There are several types of privileged accounts for the Singularity contracts, as owners of different types of contracts:
Verifier hub
Asset pools
Asset managers
Fee manager
Keyring manager
Merkle tree operator
Relayer hub
An attacker gaining access to most of these privileged accounts could use them to drain the asset pools of funds or do other damage:
The owner of a verifier hub can change the verifier contract for the different circuit names. This allows replacing the verifier with one that passes for the attacker's proofs, so that the attacker can, for example, mint notes with arbitrary amounts.
The owner of an asset pool can register asset managers for it, and asset managers can release funds from the asset pool directly.
The owner of an asset manager can change the address used for various other contracts, such as the verifier hub. By changing the verifier hub to a contract the attacker controls, they can again make any of their proofs succeed, thereby for example minting arbitrary notes.
The owner of the fee manager can withdraw collected service fees. Furthermore, they can set the service fee. By setting it to 100%, they will capture all of the value in withdrawals until this is fixed.
The owner of the keyring manager can disable keyring checks and change the keyring policy ID.
The owner of the Merkle tree operator can set the enabled asset managers, which in turn can add notes to the Merkle tree. Using this, an attacker could add notes for arbitrary amounts.
The owner of the relayer hub can add and remove relayers. Removing all relayers would make it impossible to withdraw funds from the darkpool.
Singularity informed us that the above contract owners will be multi-sig wallets. We simply note the above centralization risks here as the verification of the multi-sig mechanism and security of key custody is beyond the scope of this audit.