NOT PART OF FINAL CODE !!! on Line #276 makes it pretty clear that this is not part of the production code. It was left intentionally for our team to be able to make some upgrades possible during our development/testing.
Lines of code
https://github.com/code-423n4/2022-10-holograph/blob/f8c2eae866280a1acfdc8a8352401ed031be1373/contracts/HolographOperator.sol#L278
Vulnerability details
Description
In HolographOperator, the following function is implemented:
This function represents a substantial centralization risk because the admin can completely reset the bonds attached to the contract, thereby making all operators lose their staked amount.
Impact
Admin / hacked account can reset the HolographOperator contract, making operators lose their entire stake.
Tools Used
Manual audit
Recommended Mitigation Steps
Remove the function altogether.