Open hats-bug-reporter[bot] opened 1 year ago
The owner is meant to be a multisig, and the smart contract allows it. Also remember that the owner cannot rug-pull anything; it can only tweak parameters. Only the governance is able to actually rug-pull the system.
Github username: @saidqayoumsadat
Submission hash (on-chain): 0xd1fb4bc8c511cebae1c60963c1bf2ad21c027f5b9a0fdd1463c1b05fdf2ea4d2
Severity: medium

Description:
Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary, or the single owner can become malicious and perform a rug-pull. Consider changing to a multi-signature setup and/or having a role-based authorization model.
https://github.com/hats-finance/Smooth-0x64bc275b37e62eec81a00ecaecd2b9567058f990/blob/3929e24ea288d697d38948b8690c8c2028e5042b/contracts/DappnodeSmoothingPool.sol#L573-L575
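As an added illustration of the mitigation the report recommends (example code, not from the Smooth repository): a hypothetical Solidity contract that moves parameter tweaks behind a narrow role, requires the admin to be a contract account (the intended multisig), and uses a two-step admin handover. Every name in it is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Hypothetical parameter contract (not DappnodeSmoothingPool): privileged actions
// are split into roles, the admin must be a contract (the intended multisig),
// and admin handover is two-step so a mistyped address cannot strand control.
contract RoleGatedParams {
    bytes32 public constant PARAM_SETTER_ROLE = keccak256("PARAM_SETTER_ROLE");
    address public admin;
    address public pendingAdmin;
    mapping(bytes32 => mapping(address => bool)) public hasRole;
    uint256 public feeBps; // constructed example parameter, in basis points

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    modifier onlyRole(bytes32 role) {
        require(hasRole[role][msg.sender], "missing role");
        _;
    }

    constructor(address multisig) {
        // Rejects a bare EOA; caveat: this proves only "is a contract", not "is a multisig".
        require(multisig.code.length > 0, "admin must be a contract");
        admin = multisig;
    }

    function setRole(bytes32 role, address account, bool enabled) external onlyAdmin {
        hasRole[role][account] = enabled;
    }

    // Parameter tweak behind a narrow role, with a hard bound to limit what a
    // compromised setter key can do.
    function setFeeBps(uint256 newFeeBps) external onlyRole(PARAM_SETTER_ROLE) {
        require(newFeeBps <= 1000, "fee above 10%");
        feeBps = newFeeBps;
    }
    // Two-step handover: the new admin must prove it can call back in.
    function transferAdmin(address newAdmin) external onlyAdmin {
        require(newAdmin.code.length > 0, "admin must be a contract");
        pendingAdmin = newAdmin;
    }

    function acceptAdmin() external {
        require(msg.sender == pendingAdmin, "not pending admin");
        admin = pendingAdmin;
        pendingAdmin = address(0);
    }
}
```

The code-size check cannot distinguish a real multisig from any other contract, so the signer set and threshold of the admin address still have to be verified off-chain before deployment.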