Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary, or the single owner can become malicious and perform a rug-pull. Consider changing to a multi-signature setup, and or having a role-based authorization model.
File: contracts/NativeTokenFactory.sol
56: function transferOwnership(uint256 tokenId, address newOwner, bool direct, bool renounce) public onlyOwner(tokenId) {
109: function mint(uint256 tokenId, address to, uint256 amount) public onlyOwner(tokenId) {
127: function batchMint(uint256 tokenId, address[] calldata tos, uint256[] calldata amounts) public onlyOwner(tokenId) {
Lines of code
56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131, 130, 151, 455, 308, 318, 324, 344, 357, 365, 446, 458, 471, 479, 259, 276, 297, 326, 53, 140, 152, 160, 256, 263, 281, 291, 317, 339, 362, 381, 395, 414, 424, 455, 464, 142, 151, 158, 442, 466, 477, 489, 576, 88, 96, 105, 125, 134, 61, 122, 129, 209, 109, 120, 89, 100, 148, 163, 170, 179, 134, 141, 150, 199, 125, 132, 141, 182, 104, 113, 93, 104, 142, 149, 193, 90, 101
Vulnerability details
Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary, or the single owner can become malicious and perform a rug-pull. Consider changing to a multi-signature setup, and or having a role-based authorization model.
Assessed type
other