Major Governance and Security Risks Plague High-Volume Cryptocurrency Tokens, Reveals De.Fi Study
Summary:
This article discusses a study by Web3 company De.Fi, revealing that a significant proportion of high-volume cryptocurrency tokens demonstrate major governance risks and lack sufficient security measures. The study scrutinized 429 tokens and found roughly 75% feature hidden owners and wallets with privileged permissions, posing security threats. The research also identified that only 16.6% of reviewed contracts utilized multi-signature wallets for enhanced security. It highlighted that 38% of token contracts are controlled by a wallet or an externally owned account, which can implement contract functions at will, potentially endangering user assets. The article also mentions instances of covert ownership and the rarity of renounced contracts - key aspects in decentralization - among existing tokens.
A substantial share of high-volume cryptocurrency tokens grapples with significant governance concerns, lacking adequate measures to deter security breaches and other threats. So says Web3 company De.Fi in a study, which examined 429 tokens with governance systems and found that nearly three-quarters pose risk due to factors concerning their contracts, such as unseen owners and wallets granted unique permissions. The research shows it's scarce - roughly one in six - of the contracts reviewed that use multi-signature wallets. This type of wallet, requiring up to five distinct private keys to affirm any transaction, is perceived as an instrumental tool for mitigating risks associated with malware and phishing attacks. Furthermore, De.Fi's study discovered that more than a third of the token contracts is overseen by a wallet or an externally owned account. This infers an unrestricted right for the wallet to implement special functions within the contracts whenever it desires. Depending on the permissions given, the severity of risk might vary, the report suggests. It cites examples, stating that if the wallet only has the authority to set a small-scale protocol fee, it doesn't red-flag any danger. However, if it possesses the power to swap key addresses the contract communicates with - like price oracles or vault plans - user assets could be in immediate jeopardy. The report also highlighted that nearly 7% of contracts contained covert ownership, enabling the contract maker to rescind ownership and nullify votes. In rare instances, only one in ten tokens had renounced contracts. By relinquishing the right to tweak the code or governance aspects, the creators actually augment decentralization. Often whole project treasuries' security hinges on a single wallet owner, frequently obscure to participants. This has triggered control vulnerabilities and fraudulent withdrawals amounting to billions of dollars, said Artem Bondarenko, tech chief at De.Fi. It's noteworthy to ponder, however, that while governance factors might indicate a token is potentially at risk, it doesn't automatically spell a security violation. Many governance token corporations maintain robust security operations that may not always be realized in public or on-chain dialogues, reminded Bondarenko. The study also showed that close to 1/7th of the assessed contracts either lacked governance systems completely, or those systems were undisclosed.
Published At
2/9/2024 8:35:00 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.