Code4rena: CODE423N4:2022-03-LIFINANCE-FINDINGS-ISSUES-189
Mar 30, 2022 - 12:00 a.m.

Risk of centralization

centralization
diamond owner
compromised account
asset drainage
trustless system
dao
multisig
static testing

Lines of code
<https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/OwnershipFacet.sol#L8-L15>

Vulnerability details

Medium Risk

Risk of centralization

Impact

The Diamond owner has too many roles: setting the functions and initiating payable functions.
If the owner account is compromised, the assets may be drained in this trustless system.

Proof of Concept

<https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/OwnershipFacet.sol#L8-L15>

Tools Used

Static testing

Recommended Mitigation Steps

The team can consider building the owner account as a DAO or multisig.

