Cointime

Cointime

Download App
iOS & Android

Only 1 Owner of Multi-Signed Contract? Worldcoin May Involve Centralized Risks

Validated Project

We analyzed Worldcoin's token $WLD smart contract 0x163f8c2467924be0ae7b5347228cabf260318753 and found some security concerns. Here are risks that you should keep alert.

Centralized Risks

  • The mintOnce Function

The contract implements a centralized minting mechanism mintOnce, allowing the owner to mint tokens to multiple addresses in one transaction. This one-time function has already been called by the current owner. The current owner is a 1/1 multisig wallet contract 0x59a0f98345f54bAB245A043488ECE7FCecD7B596, with only one owner eth:0xc534a745bFfaF9466Ed7B47fA23B0177b99A3e77. This means only one signature is needed to represent the owner to perform privileged operations.

  • The setMinter Function

In addition, the contract also implements the setMinter function, allowing the owner to set a minter address. Currently the minter is zero address.

  • The mintInflation Function

If the owner sets a non-zero minter, the minter can arbitrarily call mintInflation to mint unlimited tokens to any address.

Token Distribution

Statistics show the first 6 addresses already hold 94.5% of the total supply. This indicates a highly centralized token distribution.

In summary, the token contract has the following security risks:

  1. The owner currently has only one signer, which reduces security control over the owner account.
  2. There is a risk of unlimited token minting after a minter is set.
  3. The token distribution is overly centralized with the top 6 addresses holding most tokens.

To mitigate these risks, here are our security suggestions:

  1. Increase the number of signers for the owner to enforce multi-sig management.
  2. Disable arbitrary settings of minters to prevent unlimited minting.
  3. Adopt vesting or continuous distribution to reduce the centralization of token distribution.

Security is the cornerstone of a healthy blockchain ecosystem. We will continue monitoring project security, performing timely security risk alerts, to jointly maintain the security of blockchain.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io

Worldcoin
Comments

All Comments

Recommended for you

  • Iranian Source: Breakthrough in Iran-US Negotiation Preparations Possible 'Tonight or Tomorrow'

    On April 23, an Iranian diplomatic source told RIA Novosti that preparations for negotiations between Iran and the United States in Pakistan may achieve a breakthrough 'tonight or tomorrow.' (Xinhua News Agency)

  • Anthropic's Secondary Market Valuation Reaches $1 Trillion, Surpassing OpenAI

    On April 23, Anthropic's valuation on private equity trading platforms like Forge Global has risen to around $1 trillion, surpassing OpenAI's $880 billion. It is reported that the valuation of this artificial intelligence startup has rapidly increased due to buyers competing to purchase the increasingly scarce secondary market shares of Anthropic. (Dongxin News Agency)

  • BTC Surpasses $78,000

    Market data shows that BTC has surpassed $78,000, currently priced at $78,000.81, with a 24-hour decline of 0.14%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Bitmine Allegedly Acquires 100,000 ETH Worth $233.7 Million

    On April 23, according to monitoring by Lookonchain, three new addresses suspected to be associated with Tom Lee's Bitmine (0xB6a8...9c9E, 0xc2e0...2831, 0x4e5C...276c) received 100,000 ETH from BitGo, valued at $233.7 million.

  • Musk: AI Chip Shortage Expected in the Future

    On April 23, Tesla CEO Elon Musk stated during an earnings call that the company initiated the Terafab chip factory project due to an anticipated severe shortage of AI chips in the future. He remarked, "In terms of industry growth rates, logic chips, and even more so storage chips, we expect to encounter bottlenecks if we do not manufacture chips ourselves. This is the reason for the birth of Terafab." (Dongxin News Agency)

  • US Spot Bitcoin ETF Sees Net Inflow of $331.9 Million Yesterday

    On April 23, according to monitoring by Trader T, the US spot Bitcoin ETF experienced a net inflow of $331.9 million yesterday.

  • US Spot Ethereum ETF Sees Net Inflow of $96.43 Million Yesterday

    On April 23, according to monitoring by Trader T, the US spot Ethereum ETF saw a net inflow of $96.43 million yesterday.

  • U.S. State Department Urges American Citizens to Leave Iran Immediately

    On April 23, the Bureau of Consular Affairs of the U.S. State Department posted on social media that, given Iran's announcement of partial airspace reopening, American citizens in Iran should leave immediately. The post advised U.S. citizens to stay informed about the situation through local media and to consult commercial airlines for information on flights departing Iran. Additionally, U.S. citizens can also travel by land to Armenia, Azerbaijan, Turkey, and Turkmenistan, but should avoid areas along the Iran-Afghanistan, Iran-Iraq, or Iran-Pakistan borders.

  • Tesla: Increasing Investment in AI Computing Power and Advancing New Battery and Material Factories

    On April 23, Tesla's official blog announced that the company is increasing its investment in AI computing power to advance the construction of new battery and battery materials factories. This move is also aimed at further preparing for the production of the third-generation Megapack energy storage system, the Tesla autonomous electric vehicle Cybercab, and the Tesla electric truck Semi.

  • USA: Deploying the Strongest Military Force in History to the Middle East

    On April 23, local time April 22, the U.S. Central Command announced that since the U.S. military began its blockade operations in the waters related to the Strait of Hormuz on April 14, it has requested 31 vessels to turn around or return to port as part of the blockade. The U.S. Central Command also stated that the military is currently deploying the most comprehensive and powerful military force ever seen across the Middle East.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company