Trusting a Smart Contract Means Trusting Its Owners: Understanding Centralization Risk
Abstract
Smart contract access control mechanisms can introduce centralization into supposedly decentralized ecosystems. In our view, such centralization is an overlooked risk of smart contracts that underlies well-known smart contract security incidents. Critically, mitigating the known vulnerability of missing permission verification by implementing authorization patterns can in turn introduce centralization. To delineate the issue, we define centralization risk and describe smart contract source code patterns for Ethereum and Algorand that can introduce it to smart contracts. We explain under which circumstances the centralization can be exploited. Finally, we discuss implications of centralization risk for different smart contract stakeholders.
Keywords
Cite
@article{arxiv.2312.06510,
title = {Trusting a Smart Contract Means Trusting Its Owners: Understanding Centralization Risk},
author = {Metin Lamby and Valentin Zieglmeier and Christian Ziegler},
journal= {arXiv preprint arXiv:2312.06510},
year = {2023}
}
Comments
Peer-reviewed version accepted for publication in the proceedings of the 5th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS '23)