Centralization risk: contract have a single point of control

[code423n4]

Lines of code

https://github.com/reserve-protocol/protocol/blob/df7ecadc2bae74244ace5e8b39e94bc992903158/contracts/plugins/mocks/EasyAuction.sol#L129

Vulnerability details

Impact

Centralization risks are weaknesses that malevolent project creators as well as hostile outside attackers can take advantage of. They may be used in several forms of attacks, including rug pulls and infinite minting vulnerabilities.

Proof of Concept

Finding

• contracts/plugins/mocks/EasyAuction.sol#L129

function setFeeParameters(uint256 newFeeNumerator, address newfeeReceiverAddress)
        public
        onlyOwner
    {

Tools Used

• Private self-made tool for static analysis
• Manual Review, Remix IDE

Recommended Mitigation Steps

Some solutions include:

• implementing timelocks
• multi signature custody

See also What is Centralization Risk?

[c4-judge]

0xean marked the issue as unsatisfactory: Insufficient quality