The owner is a single point of failure and a centralization risk.

Lines of code Vulnerability details Impact & Vunerability Details. Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure, as this contract's owner can perform roles of high importance to the protocol. A single private key may be taken in a...

Centralization Risks, Rug pull vectors

Lines of code Vulnerability details Impact Owner can mint or burn unlimited tokens, functions can be used to rug pull the project. Proof of Concept Although owner role is supposedly not malicious, if owner's wallet keys are compromised, an attacker could rug the project. Based on the fact that we...

Total loss of funds on owner account compromise

Lines of code Vulnerability details Issue: The vault address may be arbitrarily updated by the owner using setVaultAddress. The owner can also call withdrawAll to move all funds to the vault. Consequence: A malicious owner or owner account compromise can siphon the entire contract's funds to an...

Owner can withdraw all ERC20 tokens using withdrawRedundant

Handle camden Vulnerability details Impact The owner could potentially instantly withdraw all tokens using the withdrawRedundant function, which is probably not intended. Proof of Concept The attack would be that the owner gets compromised. The value of balance would have to be equal to or greate...