Omniscia WagmiDAO Audit
WagmiToken Manual Review Findings
WagmiToken Manual Review Findings
WTN-01M: Overly Centralized Single Point of Failure
Type | Severity | Location |
---|---|---|
Logical Fault | Medium | WagmiToken.sol:L600-L602 |
Description:
The GMI
token is a mintable token whose minter can be arbitrarily set by the token's owner
. This acts as a centralized Single-Point-of-Failure (SPoF) whereby a compromised owner
can set an arbitrary minter and mint an unlimited amount of tokens.
Example:
575/**576 * @dev Transfers mintership of the contract to a new account (`newMinter`).577 * Can only be called by the current owner.578 */579function transferMintership(address newMinter) public virtual onlyOwner {580 require(newMinter != address(0), "Mintable: new minter is the zero address");581 _transferMintership(newMinter);582}583
584/**585 * @dev Transfers mintership of the contract to a new account (`newMinter`).586 * Internal function without access restriction.587 */588function _transferMintership(address newMinter) internal virtual {589 address oldMinter = _minter;590 _minter = newMinter;591 emit MintershipTransferred(oldMinter, newMinter);592}
Recommendation:
Given the design of the overall contract system, we advise the transferMintership
to only be executable once towards the WagmiEarn
token and to not permit further mintership transmissions, ensuring that the token's minting function cannot be compromised.
Alleviation:
The WagmiDAO team opted to retain the current behaviour in place as they should retain the privilege to change the minter in case there is some problem with the current one as otherwise a whole token migration would be necessary. The WagmiDAO has additionally clarified that the owner of the token will be a 24 hour Timelock contract acting as a second layer of security. In light of this information, we consider this exhibit adequately responded to.