search

code-423n4 / 2022-01-dev-test-repo-findings

2 stars 1 forks source link

The `owner` is a single point of failure and a centralization risk #365

Open code423n4 opened 7 months ago

code423n4 commented 7 months ago

Lines of code

56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131, 130, 151, 455, 308, 318, 324, 344, 357, 365, 446, 458, 471, 479, 259, 276, 297, 326, 53, 140, 152, 160, 256, 263, 281, 291, 317, 339, 362, 381, 395, 414, 424, 455, 464, 142, 151, 158, 442, 466, 477, 489, 576, 88, 96, 105, 125, 134, 61, 122, 129, 209, 109, 120, 89, 100, 148, 163, 170, 179, 134, 141, 150, 199, 125, 132, 141, 182, 104, 113, 93, 104, 142, 149, 193, 90, 101

Vulnerability details

Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary, or the single owner can become malicious and perform a rug-pull. Consider changing to a multi-signature setup, and or having a role-based authorization model.

File: contracts/NativeTokenFactory.sol

56:      function transferOwnership(uint256 tokenId, address newOwner, bool direct, bool renounce) public onlyOwner(tokenId) {

109:     function mint(uint256 tokenId, address to, uint256 amount) public onlyOwner(tokenId) {

127:     function batchMint(uint256 tokenId, address[] calldata tos, uint256[] calldata amounts) public onlyOwner(tokenId) {

File: contracts/Balancer.sol

172      function rebalance(
173          address payable _srcOft,
174          uint16 _dstChainId,
175          uint256 _slippage,
176          uint256 _amount,
177          bytes memory _ercData
178      )
179          external
180          payable
181          onlyOwner
182          onlyValidDestination(_srcOft, _dstChainId)
183          onlyValidSlippage(_slippage)
184:     {

219      function initConnectedOFT(
220          address _srcOft,
221          uint16 _dstChainId,
222          address _dstOft,
223          bytes memory _ercData
224:     ) external onlyOwner {

250      function addRebalanceAmount(
251          address _srcOft,
252          uint16 _dstChainId,
253          uint256 _amount
254:     ) external onlyValidDestination(_srcOft, _dstChainId) onlyOwner {

File: contracts/TapiocaWrapper.sol

115      function executeTOFT(
116          address _toft,
117          bytes calldata _bytecode,
118          bool _revertOnFailure
119:     ) external payable onlyOwner returns (bool success, bytes memory result) {

131      function executeCalls(
132          ExecutionCall[] calldata _call
133      )
134          external
135          payable
136          onlyOwner
137          returns (bool success, bytes[] memory results)
138:     {

154      function createTOFT(
155          address _erc20,
156          bytes calldata _bytecode,
157          bytes32 _salt,
158          bool _linked
159:     ) external onlyOwner {

File: contracts/tOFT/mTapiocaOFT.sol

116      function updateConnectedChain(
117          uint256 _chain,
118          bool _status
119:     ) external onlyOwner {

131      function updateBalancerState(
132          address _balancer,
133          bool _status
134:     ) external onlyOwner {

File: contracts/Vesting.sol

130:     function registerUser(address _user, uint256 _amount) external onlyOwner {

151:     function init(IERC20 _token, uint256 _seededAmount) external onlyOwner {

File: contracts/governance/twTAP.sol

455:     function addRewardToken(IERC20 token) external onlyOwner returns (uint256) {

File: contracts/option-airdrop/AirdropBroker.sol

308      function setTapOracle(
309          IOracle _tapOracle,
310          bytes calldata _tapOracleData
311:     ) external onlyOwner {

318      function setPhase2MerkleRoots(
319          bytes32[4] calldata _merkleRoots
320:     ) external onlyOwner {

324      function registerUserForPhase(
325          uint256 _phase,
326          address[] calldata _users,
327          uint256[] calldata _amounts
328:     ) external onlyOwner {

344      function setPaymentToken(
345          ERC20 _paymentToken,
346          IOracle _oracle,
347          bytes calldata _oracleData
348:     ) external onlyOwner {

357      function setPaymentTokenBeneficiary(
358          address _paymentTokenBeneficiary
359:     ) external onlyOwner {

365      function collectPaymentTokens(
366          address[] calldata _paymentTokens
367:     ) external onlyOwner {

File: contracts/options/TapiocaOptionBroker.sol

446      function setTapOracle(
447          IOracle _tapOracle,
448          bytes calldata _tapOracleData
449:     ) external onlyOwner {

458      function setPaymentToken(
459          ERC20 _paymentToken,
460          IOracle _oracle,
461          bytes calldata _oracleData
462:     ) external onlyOwner {

471      function setPaymentTokenBeneficiary(
472          address _paymentTokenBeneficiary
473:     ) external onlyOwner {

479      function collectPaymentTokens(
480          address[] calldata _paymentTokens
481:     ) external onlyOwner {

File: contracts/options/TapiocaOptionLiquidityProvision.sol

259      function setSGLPoolWEight(
260          IERC20 singularity,
261          uint256 weight
262:     ) external onlyOwner updateTotalSGLPoolWeights {

276      function registerSingularity(
277          IERC20 singularity,
278          uint256 assetID,
279          uint256 weight
280:     ) external onlyOwner updateTotalSGLPoolWeights {

297      function unregisterSingularity(
298          IERC20 singularity
299:     ) external onlyOwner updateTotalSGLPoolWeights {

File: contracts/tokens/BaseTapOFT.sol

326:     function setTwTap(address _twTap) external onlyOwner {

File: contracts/tokens/LTap.sol

53:      function setLockedUntil(uint256 _lockedUntil) external onlyOwner {

File: contracts/tokens/TapOFT.sol

140      function setGovernanceChainIdentifier(
141          uint256 _identifier
142:     ) external onlyOwner {

152:     function updatePause(bool val) external onlyOwner {

160:     function setMinter(address _minter) external onlyOwner {

File: contracts/Penrose.sol

256:     function setBigBangEthMarketDebtRate(uint256 _rate) external onlyOwner {

263:     function setBigBangEthMarket(address _market) external onlyOwner {

281:     function setConservator(address _conservator) external onlyOwner {

291:     function setUsdoToken(address _usdoToken) external onlyOwner {

317      function registerSingularityMasterContract(
318          address mcAddress,
319          IPenrose.ContractType contractType_
320:     ) external onlyOwner {

339      function registerBigBangMasterContract(
340          address mcAddress,
341          IPenrose.ContractType contractType_
342:     ) external onlyOwner {

362      function registerSingularity(
363          address mc,
364          bytes calldata data,
365          bool useCreate2
366      )
367          external
368          payable
369          onlyOwner
370          registeredSingularityMasterContract(mc)
371          returns (address _contract)
372:     {

381      function addSingularity(
382          address mc,
383          address _contract
384:     ) external onlyOwner registeredSingularityMasterContract(mc) {

395      function registerBigBang(
396          address mc,
397          bytes calldata data,
398          bool useCreate2
399      )
400          external
401          payable
402          onlyOwner
403          registeredBigBangMasterContract(mc)
404          returns (address _contract)
405:     {

414      function addBigBang(
415          address mc,
416          address _contract
417:     ) external onlyOwner registeredBigBangMasterContract(mc) {

424      function executeMarketFn(
425          address[] calldata mc,
426          bytes[] memory data,
427          bool forceSuccess
428      )
429          external
430          onlyOwner
431          notPaused
432          returns (bool[] memory success, bytes[] memory result)
433:     {

455:     function setFeeTo(address feeTo_) external onlyOwner {

464:     function setSwapper(ISwapper swapper, bool enable) external onlyOwner {

File: contracts/markets/Market.sol

142:     function setBorrowOpeningFee(uint256 _val) external onlyOwner {

151:     function setBorrowCap(uint256 _cap) external notPaused onlyOwner {

158      function setMarketConfig(
159          uint256 _borrowOpeningFee,
160          IOracle _oracle,
161          bytes calldata _oracleData,
162          address _conservator,
163          uint256 _callerFee,
164          uint256 _protocolFee,
165          uint256 _liquidationBonusAmount,
166          uint256 _minLiquidatorReward,
167          uint256 _maxLiquidatorReward,
168          uint256 _totalBorrowCap,
169          uint256 _collateralizationRate
170:     ) external onlyOwner {

File: contracts/markets/bigBang/BigBang.sol

442      function refreshPenroseFees(
443          address
444:     ) external onlyOwner notPaused returns (uint256 feeShares) {

466      function setBigBangConfig(
467          uint256 _minDebtRate,
468          uint256 _maxDebtRate,
469          uint256 _debtRateAgainstEthMarket,
470          uint256 _liquidationMultiplier
471:     ) external onlyOwner {

File: contracts/markets/singularity/Singularity.sol

477      function refreshPenroseFees(
478          address feeTo
479:     ) external onlyOwner notPaused returns (uint256 feeShares) {

489      function setSingularityConfig(
490          uint256 _lqCollateralizationRate,
491          uint256 _liquidationMultiplier,
492          uint256 _minimumTargetUtilization,
493          uint256 _maximumTargetUtilization,
494          uint64 _minimumInterestPerSecond,
495          uint64 _maximumInterestPerSecond,
496          uint256 _interestElasticity
497:     ) external onlyOwner {

576      function setLiquidationQueueConfig(
577          ILiquidationQueue _liquidationQueue,
578          address _bidExecutionSwapper,
579          address _usdoSwapper
580:     ) external onlyOwner {

File: contracts/usd0/BaseUSDO.sol

88:      function setMaxFlashMintable(uint256 _val) external onlyOwner {

96:      function setFlashMintFee(uint256 _val) external onlyOwner {

105:     function setConservator(address _conservator) external onlyOwner {

125:     function setMinterStatus(address _for, bool _status) external onlyOwner {

134:     function setBurnerStatus(address _for, bool _status) external onlyOwner {

File: contracts/Swapper/UniswapV3Swapper.sol

61:      function setPoolFee(uint24 _newFee) external onlyOwner {

File: contracts/aave/AaveStrategy.sol

122:     function setDepositThreshold(uint256 amount) external onlyOwner {

129:     function setMultiSwapper(address _swapper) external onlyOwner {

209:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

File: contracts/balancer/BalancerStrategy.sol

109:     function setDepositThreshold(uint256 amount) external onlyOwner {

120:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

File: contracts/compound/CompoundStrategy.sol

89:      function setDepositThreshold(uint256 amount) external onlyOwner {

100:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

File: contracts/convex/ConvexTricryptoStrategy.sol

148:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

163:     function setDepositThreshold(uint256 amount) external onlyOwner {

170:     function setMultiSwapper(address _swapper) external onlyOwner {

179:     function setTricryptoLPGetter(address _lpGetter) external onlyOwner {

File: contracts/curve/TricryptoLPStrategy.sol

134:     function setDepositThreshold(uint256 amount) external onlyOwner {

141:     function setMultiSwapper(address _swapper) external onlyOwner {

150:     function setTricryptoLPGetter(address _lpGetter) external onlyOwner {

199:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

File: contracts/curve/TricryptoNativeStrategy.sol

125:     function setDepositThreshold(uint256 amount) external onlyOwner {

132:     function setMultiSwapper(address _swapper) external onlyOwner {

141:     function setTricryptoLPGetter(address _lpGetter) external onlyOwner {

182:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

File: contracts/glp/GlpStrategy.sol

104:     function harvestGmx(uint256 priceNum, uint256 priceDenom) public onlyOwner {

113:     function setFeeRecipient(address recipient) external onlyOwner {

File: contracts/lido/LidoEthStrategy.sol

93:      function setDepositThreshold(uint256 amount) external onlyOwner {

104:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

File: contracts/stargate/StargateStrategy.sol

142:     function setDepositThreshold(uint256 amount) external onlyOwner {

149:     function setMultiSwapper(address _swapper) external onlyOwner {

193:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

File: contracts/yearn/YearnStrategy.sol

90:      function setDepositThreshold(uint256 amount) external onlyOwner {

101:     function emergencyWithdraw() external onlyOwner returns (uint256 result) {

Assessed type

other