High Findings
BKT Token Centralization Risk
Severity: High
Ecosystem: Sui
Protocol: Bucket
Auditor: MoveBit
Report Date: June 2023
Description:
The allocate_bkt function grants the holder of BktAdminCap too much authority: BKT can be allocated and locked up for anyone, in any amount, at any time, which creates a centralization risk.
Recommendation:
Manage BktAdminCap with multi-signature account to mitigate the risk.
Centralization Risk (Aftermath Finance)
Severity: High
Ecosystem: Sui
Protocol: Aftermath Finance LSD
Auditor: MoveBit
Report: https://movebit.xyz/reports/Aftermath-Finance-Liquid-Staking-Derivative-Audit-Report.pdf
Report Date: Nov 2023
Description:
The admin account holds multiple powerful permissions. If compromised, an attacker could manipulate the protocol or its assets. See the full report for a detailed list of admin capabilities.
Centralization Risk (KunaLabs)
Severity: High
Ecosystem: Sui
Protocol: KunaLabs Yield Optimizer
Auditor: MoveBit
Report: https://movebit.xyz/reports/Yield-Optimizer-Final-Audit-Report.pdf
Report Date: Nov 2023
Description:
The admin account holds multiple powerful permissions. If compromised, an attacker could manipulate the protocol or its assets. See the full report for a detailed list of admin capabilities.
Centralization Risk (Scallop)
Severity: High
Ecosystem: Sui
Protocol: Scallop
Auditor: MoveBit
Report Date: Jun 2023
Description:
The admin account holds multiple powerful permissions. If compromised, an attacker could manipulate the protocol or its assets. See the full report for a detailed list of admin capabilities.
Centralization Risk (Lucky Kat)
Severity: High
Ecosystem: Sui
Protocol: Lucky Kat
Auditor: MoveBit
Report Date: May 2023
Description:
There is a centralization risk: privileged accounts are able to mint an unlimited number of tokens and to burn tokens.
Recommendation:
Multi-signature accounts should be set as privileged accounts.
Centralization Risk (Suia)
Severity: High
Ecosystem: Sui
Protocol: Suia
Auditor: MoveBit
Report Date: May 2023
Description:
There is a centralization risk: privileged accounts are able to mint an unlimited number of tokens and to burn tokens.
Recommendation:
Multi-signature accounts should be set as privileged accounts.
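The multi-signature recommendation given for BktAdminCap above, and again for the Lucky Kat and Suia privileged accounts, has a concrete shape on Sui: a multisig is itself an address derived from the member public keys, their weights and a threshold, so the mitigation is to derive that address and transfer the admin capability object to it, after which every call that takes the cap needs enough member signatures to meet the threshold. The Python below is an added example for this catalog, not code from Bucket, Lucky Kat, Suia or MoveBit; it reimplements the documented Sui multisig address derivation (scheme flag 0x03, u16 little-endian threshold, then flag || pubkey || u8 weight per member, hashed with BLAKE2b-256) next to the single-key derivation it replaces, plus the weight-sum quorum check. The council keys are constructed bytes, not real Sui keys, and the 2-of-3 setup is an assumption for illustration.

```python
"""Sui multisig admin address derivation and quorum check.

Added example for this findings catalog; not code from any audited project
or from MoveBit. Assumes the Sui multisig scheme as documented: scheme flag
0x03, u16 little-endian threshold, per-member flag || pubkey || u8 weight,
BLAKE2b-256 over the whole encoding. Sample keys are constructed bytes.
"""
import hashlib
from dataclasses import dataclass

# Sui signature-scheme flag bytes.
FLAG_ED25519, FLAG_SECP256K1, FLAG_SECP256R1, FLAG_MULTISIG = 0x00, 0x01, 0x02, 0x03
PUBKEY_LEN = {FLAG_ED25519: 32, FLAG_SECP256K1: 33, FLAG_SECP256R1: 33}
MAX_SIGNERS = 10  # Sui caps a multisig at ten member keys


@dataclass(frozen=True)
class Signer:
    flag: int      # scheme flag of this member key
    pubkey: bytes  # raw public-key bytes (32 for Ed25519, 33 for secp256k1/r1)
    weight: int    # u8 weight counted toward the threshold

    def encoded(self) -> bytes:
        """flag || pubkey, the same encoding Sui uses for a serialized public key."""
        if self.flag not in PUBKEY_LEN:
            raise ValueError(f"unsupported scheme flag {self.flag:#x}")
        if len(self.pubkey) != PUBKEY_LEN[self.flag]:
            raise ValueError("public key length does not match scheme")
        if not 1 <= self.weight <= 0xFF:
            raise ValueError("weight must be a non-zero u8")
        return bytes([self.flag]) + self.pubkey


def single_key_address(flag: int, pubkey: bytes) -> str:
    """Address controlled by one key: BLAKE2b-256(flag || pubkey). This is the
    single point of failure the findings describe."""
    digest = hashlib.blake2b(Signer(flag, pubkey, 1).encoded(), digest_size=32).digest()
    return "0x" + digest.hex()


def multisig_address(signers, threshold: int) -> str:
    """Address of a k-of-n council; member order is part of the hash input."""
    if not 1 <= len(signers) <= MAX_SIGNERS:
        raise ValueError(f"a multisig needs 1..{MAX_SIGNERS} members")
    if not 1 <= threshold <= 0xFFFF:
        raise ValueError("threshold must fit in a non-zero u16")
    if sum(s.weight for s in signers) < threshold:
        raise ValueError("threshold can never be met by the given weights")
    h = hashlib.blake2b(digest_size=32)
    h.update(bytes([FLAG_MULTISIG]))
    h.update(threshold.to_bytes(2, "little"))
    for s in signers:
        h.update(s.encoded())
        h.update(bytes([s.weight]))
    return "0x" + h.hexdigest()


def quorum_reached(signers, threshold: int, signed) -> bool:
    """True when the distinct members that signed carry enough total weight.
    Duplicate indices are collapsed so one key cannot be counted twice."""
    indices = set(signed)
    if any(i < 0 or i >= len(signers) for i in indices):
        raise ValueError("signer index out of range")
    return sum(signers[i].weight for i in indices) >= threshold


def _fake_key(seed: int, length: int) -> bytes:
    """Constructed, deterministic key bytes for the example (not real keys)."""
    return hashlib.blake2b(b"example-key-%d" % seed, digest_size=length).digest()


# Assumed 2-of-3 admin council: two Ed25519 members and one secp256k1 member.
COUNCIL = [
    Signer(FLAG_ED25519, _fake_key(1, 32), 1),
    Signer(FLAG_ED25519, _fake_key(2, 32), 1),
    Signer(FLAG_SECP256K1, _fake_key(3, 33), 1),
]
THRESHOLD = 2

if __name__ == "__main__":
    print("single-key admin:", single_key_address(FLAG_ED25519, _fake_key(1, 32)))
    print("2-of-3 admin    :", multisig_address(COUNCIL, THRESHOLD))
    print("one signer ok?  :", quorum_reached(COUNCIL, THRESHOLD, {0}))
    print("two signers ok? :", quorum_reached(COUNCIL, THRESHOLD, {0, 2}))
```

In practice the derivation is done with `sui keytool multi-sig-address` and the capability object (BktAdminCap, or the TreasuryCap behind mint and burn) is moved to the resulting address with `sui client transfer`; from then on a transaction that passes the cap as an argument only verifies if the signing members' weights reach the threshold, which is exactly the single-key dependence the findings flag.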
Centralization Risk (Volo)
Severity: High
Ecosystem: Sui
Protocol: Volo
Auditor: MoveBit
Report: https://movebit.xyz/reports/Volo-Smart-Contract-Audit-Report.pdf
Report Date: Sep 2023
Description:
There are some risks of centralization in the contract: the admin can set the total_rewards of the NativePool, which changes the rate calculation of the contract.
Centralization Risk (Baptswap)
Severity: High
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
Excessive admin privileges create a single point of failure; system security heavily depends on the admin’s integrity and key safety.