3.5 Trust Issue of Admin Keys
ID: PVE-005
Severity: Medium
Likelihood: Medium
Impact: Medium
Target: TGTStaking
Category: Security Features
CWE subcategory: CWE-287
Description
In the Pop protocol, there is a privileged account, i.e., owner, which plays a critical role in governing and regulating the protocol-wide operations (e.g., parameter setting and role assignment). It also has the privilege to affect the flow of assets managed by this protocol. Our analysis shows that the privileged account needs to be scrutinized. In the following, we examine the privileged account and its related privileged accesses in the current contracts.
If the privileged admins are managed by a plain EOA account, this may be worrisome and pose counter-party risk to the exchange users. A multi-sig account could greatly alleviate this concern, though it is still far from perfect. Specifically, a better approach is to eliminate the administration key concern by transferring the role to a community-governed DAO. In the meantime, a timelock-based mechanism can also be considered as mitigation.
Moreover, it should be noted that the current contracts support deployment behind a proxy, and the proxy-admin privileges need to be managed properly as they fall under this trust issue as well.
Recommendation
Promptly transfer the privileged account to the intended DAO-like governance contract. All changes to privileged operations may need to be mediated with necessary timelocks. Eventually, activate the normal on-chain community-based governance life-cycle and ensure the intended trustless nature and high-quality distributed governance.
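As an added illustration of the timelock mediation recommended above (example code written for this report, not the audited TGTStaking contract; the contract name, the `rewardRate` parameter and the two-day delay are assumptions), a privileged parameter change is first announced on-chain and can only take effect after the delay, so that the owner, whether a multi-sig or a DAO, cannot change the staking terms without users being able to see it coming:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal timelock for a staking contract's privileged parameter
// changes (assumed names; not the audited TGTStaking code).
contract TimelockedAdmin {
    uint256 public constant MIN_DELAY = 2 days;
    address public owner;          // intended to be a multi-sig or DAO contract
    uint256 public rewardRate;     // example privileged parameter

    // operation id => earliest timestamp at which it may be executed (0 = not queued)
    mapping(bytes32 => uint256) public readyAt;

    event Queued(bytes32 indexed id, uint256 newRate, uint256 readyAt);
    event Executed(bytes32 indexed id, uint256 newRate);
    event Cancelled(bytes32 indexed id);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(address _owner) { owner = _owner; }

    function opId(uint256 newRate, uint256 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(newRate, salt));
    }

    // Step 1: announce the change on-chain; users get MIN_DELAY to react or exit.
    function queueSetRewardRate(uint256 newRate, uint256 salt) external onlyOwner {
        bytes32 id = opId(newRate, salt);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + MIN_DELAY;
        emit Queued(id, newRate, readyAt[id]);
    }

    // Step 2: anyone may execute once the delay has elapsed; the effect is
    // exactly the value that was announced, nothing else.
    function executeSetRewardRate(uint256 newRate, uint256 salt) external {
        bytes32 id = opId(newRate, salt);
        uint256 t = readyAt[id];
        require(t != 0 && block.timestamp >= t, "not ready");
        delete readyAt[id];
        rewardRate = newRate;
        emit Executed(id, newRate);
    }

    // The owner may withdraw a queued change before it executes.
    function cancel(uint256 newRate, uint256 salt) external onlyOwner {
        bytes32 id = opId(newRate, salt);
        require(readyAt[id] != 0, "not queued");
        delete readyAt[id];
        emit Cancelled(id);
    }
}
```

The `Queued` event is what off-chain monitoring should alert on, since it is the only window in which users and the community can respond before a privileged change takes effect.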
Status
This issue has been resolved as the owner will be managed by a multi-sig account.