Cointime

Cointime

Download App
iOS & Android

Only 1 Owner of Multi-Signed Contract? Worldcoin May Involve Centralized Risks

Validated Project

We analyzed Worldcoin's token $WLD smart contract 0x163f8c2467924be0ae7b5347228cabf260318753 and found some security concerns. Here are risks that you should keep alert.

Centralized Risks

  • The mintOnce Function

The contract implements a centralized minting mechanism mintOnce, allowing the owner to mint tokens to multiple addresses in one transaction. This one-time function has already been called by the current owner. The current owner is a 1/1 multisig wallet contract 0x59a0f98345f54bAB245A043488ECE7FCecD7B596, with only one owner eth:0xc534a745bFfaF9466Ed7B47fA23B0177b99A3e77. This means only one signature is needed to represent the owner to perform privileged operations.

  • The setMinter Function

In addition, the contract also implements the setMinter function, allowing the owner to set a minter address. Currently the minter is zero address.

  • The mintInflation Function

If the owner sets a non-zero minter, the minter can arbitrarily call mintInflation to mint unlimited tokens to any address.

Token Distribution

Statistics show the first 6 addresses already hold 94.5% of the total supply. This indicates a highly centralized token distribution.

In summary, the token contract has the following security risks:

  1. The owner currently has only one signer, which reduces security control over the owner account.
  2. There is a risk of unlimited token minting after a minter is set.
  3. The token distribution is overly centralized with the top 6 addresses holding most tokens.

To mitigate these risks, here are our security suggestions:

  1. Increase the number of signers for the owner to enforce multi-sig management.
  2. Disable arbitrary settings of minters to prevent unlimited minting.
  3. Adopt vesting or continuous distribution to reduce the centralization of token distribution.

Security is the cornerstone of a healthy blockchain ecosystem. We will continue monitoring project security, performing timely security risk alerts, to jointly maintain the security of blockchain.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io

Worldcoin
Comments

All Comments

Recommended for you

  • BTC breaks through $69,000

     the market shows BTC breaking through $69,000, currently at $69,021.49, with a 24-hour increase of 1.15%. The market is highly volatile, please manage your risk accordingly.

  • Spanish Foreign Minister: Not worried about any consequences of refusing US access to military bases

     on March 3 local time, Spanish Foreign Minister Alvarez defended the Spanish government's refusal to provide the Rota and Moron military bases to the United States for participation in attacks on Iran. Alvarez stated that the operation initiated by the United States and Israel is not supported by the United Nations and is not part of the bilateral agreements allowing the use of the aforementioned Spanish sovereign military bases. Alvarez also said that the Spanish government is not concerned that this stance will have any consequences. Alvarez stated: "The position of the Spanish government represents the will of the vast majority of the Spanish people as well as the vast majority of people worldwide, which is to defend the UN Charter, respect international law, and believe that cooperation is always more powerful than confrontation."

  • Spot gold plunges nearly $100 in the short term.

     spot gold plunged nearly 100 dollars in a short time, spot gold fell below 5170 dollars/ounce, with a daily decline of 2.94%. 

  • BTC falls below $67,000

    the market shows BTC fell below $67,000, currently at $66,996.93, with a 24-hour increase of 1.18%. The market is highly volatile, please manage your risk accordingly.

  • ETH breaks $2,000

    the market shows ETH breaking through $2000, currently at $2001.64, with a 24-hour increase of 2.89%. The market is highly volatile, please manage your risks accordingly.

  • The US spot Bitcoin ETF saw a net inflow of $962.48 million yesterday.

    according to Trader T's monitoring, the US spot Bitcoin ETF had a net inflow of 962.48 million USD yesterday.

  • BTC falls below $66,000

     the market shows BTC fell below 66,000 USD, currently at 65,986.66 USD, with a 24-hour decline of 1.31%. The market is highly volatile, please manage your risks accordingly.

  • BTC falls below $66,000

     the market shows BTC fell below $66,000, currently at $65,973.16, a 24-hour drop of 2.66%. The market is highly volatile, please manage your risks accordingly.

  • ETH breaks $2,000

    market shows ETH breaking through $2000, currently at $2000.29, with a 24-hour increase of 3.73%. The market is volatile, please manage your risk accordingly.

  • The United States uses Anthropic's artificial intelligence technology in its airstrikes in the Middle East.

     United States used Anthropic's artificial intelligence technology in airstrikes in the Middle East, and just hours before the attack, Trump had just issued a ban against Anthropic. 

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company