During the code review, It has been observed that access control mechanisms are checked with the following line.
LibDiamond.enforceIsContractOwner();
The withdraw gaves abilitiy to contract owner extract all funds are sent to contract. This poses centralization risk.
Code Review
We advise the client to carefully manage the onlyMasterMinter account private key to avoid any potential risks
of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be
improved via a decentralized mechanism or smart-contract-based accounts with enhanced security
practices, e.g., Multisignature wallets.
The text was updated successfully, but these errors were encountered:
All reactions