The owner of the contracts has too many privileges relative to standard users.
Users can lose all of their assets if the contract owner's private key is compromised.
The contract owner can do the following:
- Upgrade the system's implementation to steal funds
- Upgrade the token's implementation to act maliciously
- Increase the amount of iTokens for reward distribution to such an extent that rewards cannot be disbursed
- Arbitrarily update the interest model contracts
The concentration of these privileges creates a single point of failure.
It increases the likelihood that the owner will be targeted by an attacker, especially given the insufficient protection on sensitive owner private keys.
Additionally, it incentivizes the owner to act maliciously.
Short term:
- Clearly document the functions and implementations the owner can change.
- Split privileges to ensure that no one address has excessive ownership of the system.
Long term, document the risks associated with privileged users and single points of failure.
Ensure that users are aware of all the risks associated with the system.
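One way to apply the short-term recommendation to split privileges, shown as an added sketch that is not dForce's code and not part of the audit. The contract name, the three role names (one per owner privilege listed above) and the two-step handover are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical sketch: all names here are assumptions, not dForce's contracts.
// Each owner privilege from the finding gets its own holder address.
contract SplitPrivileges {
    enum Role { Upgrader, RewardManager, InterestModelManager }

    mapping(Role => address) public holder;   // current address per role
    mapping(Role => address) public pending;  // proposed successor per role
    event RoleProposed(Role indexed role, address indexed candidate);
    event RoleGranted(Role indexed role, address indexed account);
    error NotHolder(Role role);
    error NotPending(Role role);
    error ZeroAddress();
    error AddressAlreadyPrivileged(address account);

    constructor(address upgrader, address rewards, address interest) {
        _grant(Role.Upgrader, upgrader);
        _grant(Role.RewardManager, rewards);
        _grant(Role.InterestModelManager, interest);
    }

    // Privileged functions elsewhere in the system would use this check.
    modifier onlyRole(Role role) {
        if (msg.sender != holder[role]) revert NotHolder(role);
        _;
    }

    // A holder can only propose a successor for its own role.
    function propose(Role role, address candidate) external onlyRole(role) {
        pending[role] = candidate;
        emit RoleProposed(role, candidate);
    }

    // Two-step handover: the candidate must accept from its own address.
    function accept(Role role) external {
        if (msg.sender != pending[role]) revert NotPending(role);
        delete pending[role];
        _grant(role, msg.sender);
    }

    // Enforces separation: one address may hold at most one role.
    function _grant(Role role, address account) private {
        if (account == address(0)) revert ZeroAddress();
        for (uint8 i = 0; i <= uint8(type(Role).max); i++) {
            if (Role(i) != role && holder[Role(i)] == account) revert AddressAlreadyPrivileged(account);
        }
        holder[role] = account;
        emit RoleGranted(role, account);
    }
}
```

With this layout, compromise of one key exposes only the functions guarded by that role, and the `RoleProposed` and `RoleGranted` events give monitoring a record of every privilege change.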
- ToB Audit dForce Lending Finding 10
- Access Control
- Contract Owner
- Over-privileged
- Least Privilege
- Documented Risks