DYOR Crypto Wiki

Basics

  • Aka Access Control, as DeFi Safety puts it. They also wrote about what a balance can look like and which aspects should be public.
  • The private key that holds control over a smart contract containing funds of users of the particular DApp. Blockchains have the beauty of decentralization and users controlling their own funds; however, DApps are created by smart contracts which are deployed by a developer or a team, and that contract has one private key as controller. This takes away a lot of the trustlessness of blockchain technology. Some projects therefore 'give over' the keys to the community, or create a multisig wallet with the keys and elect well-known community members to hold these keys. Other projects burn the keys, which means that their contract (protocol) cannot easily be updated; instead they have to deploy new contracts to which users can choose to migrate.
  • Having an admin key creates the risk of what are called 'rug pulls', where a team member can take all the funds out of the smart contract and disappear.
  • From Bankless (26-10-2020):

"Admin key risk is the risk that the original deployers of a contract hold the admin keys to the contract, and thus aren’t trustless because it fails John Adler's rule #2: no one else can access your money."

"The majority of popular defi protocols have some form of centralized control that enables specific ‘administrator’ addresses to intervene in powerful ways.

This has some security benefits, but it means that you have to trust the administrator(s) not to abuse their privileges. It also adds the risk of an attacker gaining access to an administrator’s private keys, and all the privileges that come with them.

An administrator account can take several possible forms, including a single address, a multisig wallet, or even be a DAO controlled by a voting process.

  1. What special actions can administrators take?
    • Pausing the system?
    • Modifying balances?
    • Whitelisting/blacklisting of tokens and/or users?
    • Upgrading a subset of the system.
    • Upgrading all of the system (which is equivalent to omnipotence).
    • Anything else?
  2. Which of these actions do and do not have a time delay on them?
  3. If there is a time delay, how long is that time delay?
  4. How many people have administrator privileges?
  5. How many of those admins must approve before some action is taken?
  6. Are any administrative actions controlled by on-chain governance (i.e. a DAO)?
  7. Where can I stay up to date about proposed changes to the protocol?

Some of this information is already being tracked at DefiWatch."
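The questions above (what can the admin do, is there a delay, who holds the key) illustrated with a constructed Solidity example. This is added here and is not code from the wiki, from Bankless, or from any real protocol; the contract and function names are hypothetical. The first contract is the weak pattern the 'rug pull' bullet describes; the second delays the same privileged action behind an on-chain timelock and expects `admin` to be a multisig or governance address rather than one person's key.

```solidity
pragma solidity ^0.8.0;

// Weak pattern: one externally owned key can move all user deposits at once,
// with no delay and no second approver (the 'rug pull' case in the text).
contract VaultInstantAdmin {
    address public owner = msg.sender;
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    // Whoever holds owner's key (team member or attacker) drains the vault instantly.
    function sweep(address payable to) external {
        require(msg.sender == owner, "not owner");
        to.transfer(address(this).balance);
    }
}

// Hardened pattern: the same action must be queued on-chain first and can only be
// executed after DELAY, so users can see the event and withdraw before it lands.
// `admin` is meant to be a multisig or governance contract, not one person's key.
contract VaultTimelockedAdmin {
    uint256 public constant DELAY = 2 days;
    address public immutable admin;
    mapping(address => uint256) public balances;
    mapping(bytes32 => uint256) public readyAt; // action id -> earliest execution time
    event ActionQueued(bytes32 indexed id, address to, uint256 executableAt);
    constructor(address multisig) { admin = multisig; }
    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }
    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Users can always exit on their own; the delay buys them time to do so.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }

    // Step 1: announce the sweep. The event is what monitoring tools alert on.
    function queueSweep(address payable to) external onlyAdmin {
        bytes32 id = keccak256(abi.encode("sweep", to));
        readyAt[id] = block.timestamp + DELAY;
        emit ActionQueued(id, to, readyAt[id]);
    }

    // Step 2: execute only once the delay has elapsed; the queued entry is consumed.
    function executeSweep(address payable to) external onlyAdmin {
        bytes32 id = keccak256(abi.encode("sweep", to));
        require(readyAt[id] != 0 && block.timestamp >= readyAt[id], "timelock active");
        delete readyAt[id];
        to.transfer(address(this).balance);
    }
}
```

The timelock does not remove the admin's power; it turns a silent drain into an announced one, which is why questions 2 and 3 ask about delays and questions 4 and 5 ask how many keys must sign before `admin` can act.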
