Only 1 Owner of Multi-Signed Contract? Worldcoin May Involve Centralized Risks

We analyzed Worldcoin's token $WLD smart contract 0x163f8c2467924be0ae7b5347228cabf260318753 and found some security concerns. Here are risks that you should keep alert.

Centralized Risks

The mintOnce Function

The contract implements a centralized minting mechanism mintOnce, allowing the owner to mint tokens to multiple addresses in one transaction. This one-time function has already been called by the current owner. The current owner is a 1/1 multisig wallet contract 0x59a0f98345f54bAB245A043488ECE7FCecD7B596, with only one owner eth:0xc534a745bFfaF9466Ed7B47fA23B0177b99A3e77. This means only one signature is needed to represent the owner to perform privileged operations.

The setMinter Function

In addition, the contract also implements the setMinter function, allowing the owner to set a minter address. Currently the minter is zero address.

The mintInflation Function

If the owner sets a non-zero minter, the minter can arbitrarily call mintInflation to mint unlimited tokens to any address.

Token Distribution

Statistics show the first 6 addresses already hold 94.5% of the total supply. This indicates a highly centralized token distribution.

In summary, the token contract has the following security risks:

The owner currently has only one signer, which reduces security control over the owner account.
There is a risk of unlimited token minting after a minter is set.
The token distribution is overly centralized with the top 6 addresses holding most tokens.

To mitigate these risks, here are our security suggestions:

Increase the number of signers for the owner to enforce multi-sig management.
Disable arbitrary settings of minters to prevent unlimited minting.
Adopt vesting or continuous distribution to reduce the centralization of token distribution.

Security is the cornerstone of a healthy blockchain ecosystem. We will continue monitoring project security, performing timely security risk alerts, to jointly maintain the security of blockchain.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io

Recently Searched

Hot Coins

Trending

Daily Must-Read

Welcome Back

Join CoinTime

Sign in with email

Sign up with email

Check your inbox

Only 1 Owner of Multi-Signed Contract? Worldcoin May Involve Centralized Risks

Centralized Risks

Token Distribution

All Comments

Recommended for you

A look at the key developments from midday on September 14th

Bitcoin spot ETFs saw net inflows of $2.34 billion last week, marking the third consecutive week of net inflows.

The value of Bitcoin held by public companies has soared to over $113 billion

Publicly listed Empery Digital becomes the 21st largest Bitcoin holder

Binance Alpha will list Project Merlin (MRLN) and open airdrops to eligible users

The Ministry of Commerce announced the launch of an anti-dumping investigation on imported analog chips originating from the United States.

BNB's market capitalization hits a record high of $131 billion

In the past 24 hours, the entire network has liquidated $405 million, mainly short positions

A look at the key developments from midday on September 13th

US spot Ethereum ETF saw a net inflow of $402.27 million yesterday

Daily Must-Read

Crypto treasuries set for ‘bumpy ride’ as premiums narrow: NYDIG

Trump family went pro-crypto after Biden ‘weaponized banks’ — WSJ

New York lawmaker wants to tax crypto sales and transfers

Trump to order probe of crypto and political debanking claims: WSJ

Bros who tricked MEV bots with their own medicine must face trial, says judge

Western Union CEO Views Stablecoins as an Opportunity, Not a Threat: Bloomberg

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

Popular Tags

Share