Severity: Medium
Description
Authenticated users can exert significant control over the system. For example, a malicious insider with access to the deployment wallet could have the ability to siphon funds by adding a new attacker-controlled address as a handler and rebalancing dToken contracts to move tokens to this address. This degree of centralization also requires users to place a lot of trust in dForce that they will act in their best interests.
Recommendation
Renounce ownership from the deployment wallet and ensure only multi-sig wallets are authorized to the current system.
Long term, investigate potential methods of decentralizing the system.
Severity: Medium
Description
Authenticated users can exert significant control over the system. For example, a malicious insider with access to the deployment wallet could have the ability to siphon funds by adding a new attacker-controlled address as a handler and rebalancing dToken contracts to move tokens to this address. This degree of centralization also requires users to place a lot of trust in dForce that they will act in their best interests.
Recommendation
Renounce ownership from the deployment wallet and ensure only multi-sig wallets are authorized to the current system.
Long term, investigate potential methods of decentralizing the system.