logos-co / optimism-bridge-snt

Creates a bridge of SNT into Optimism

Centralization-01: Controller Owner #7

Open 3esmit opened 1 year ago

3esmit commented 1 year ago

The MiniMeToken has several permissionless perks, but currently the entire system can be compromised by a single entity which is the owner of SNTPlaceHolder (current controller). That’s because it can change the SNT’s controller to an arbitrary address, and the controller can mint infinite/burn by any amount. Use most safeguards, or even configure it to be the DAO itself. Consider issue Info-03, to remove unnecessary power from the Controller entity.

0x-r4bbit commented 12 months ago

As of https://github.com/logos-co/optimism-bridge-snt/commit/c76ba5b946d67b070cd39f1f88dafa319202ff5a, the controller is using Ownable2Step. Do you think this can be closed then?

Ownable2Step allows for declining ownership
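
An added sketch (not code from this repository or from the Ownable2Step library) of the two-step handover discussed in this thread, showing what the handshake changes and which owner power it leaves in place. The contract name, the `IControlledToken` interface and `changeTokenController` are hypothetical, and the contract is assumed to be the token's current controller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token interface: only the call the issue is about.
interface IControlledToken {
    function changeController(address newController) external;
}

// Simplified two-step ownership model (same idea as Ownable2Step, not its source).
contract TwoStepControllerSketch {
    address public owner;
    address public pendingOwner;
    IControlledToken public immutable token;

    error NotOwner();
    error NotPendingOwner();

    event OwnershipTransferStarted(address indexed from, address indexed to);
    event OwnershipTransferred(address indexed from, address indexed to);

    constructor(IControlledToken token_) {
        owner = msg.sender;
        token = token_;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Step 1: the owner only nominates; ownership does not move yet.
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    // Step 2: the nominee must accept, so a mistyped address cannot take over.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        pendingOwner = address(0);
    }

    // Unchanged by the handshake: one owner key still decides the token controller.
    function changeTokenController(address newController) external onlyOwner {
        token.changeController(newController);
    }
}
```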