code-423n4 / 2022-05-vetoken-findings


Upgraded Q -> M from 9 [1659036743700] #273

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Judge has assessed an item in Issue #9 as Medium risk. The relevant finding follows:

Centralized risk

The operator address can mint an arbitrary amount of tokens. In addition, the operator can also burn tokens from third-party accounts.

If the private key of the owner or minter address is compromised, the attacker will be able to mint an unlimited amount of tokens, or burn from arbitrary addresses.

The operator can mint and burn arbitrary tokens. I believe this is unnecessary and poses a serious centralization risk.

Recommendation:

Consider reducing centralization risks with timelock contracts.

Affected source code:

- VE3Token.sol#L26-L36
- VeToken.sol#L23-L33
- DepositToken.sol#L26-L36

JeeberC4 commented 2 years ago

Duplicate of #202