Difference between revisions of "Admin Key"
wiki_crypto>Zeb.dyor |
m (1 revision imported) |
(No difference)
|
Latest revision as of 10:10, 18 January 2022
Basics
- Aka Access Control, as DeFi Safety puts it. They also wrote about how a balance can look like and which aspects should be public.
- The private key that holds control over a smart contract containing funds of users of the particular DApp. Blockchains have the beauty of decentralization and self control of funds, however, DApps are created by smart contracts which are deployed by a developer or a team. This contract has 1 private key as controller. This takes away a lot of the trustlessness of blockchain technology. Some projects therefor 'give over' the keys to the community, or create a multisig wallet with the keys and elect well known community members to hold these keys. Some other projects burn the keys, which means that their contract (protocol) cannot easily update, but has to deploy new contracts to which users can chose to migrate.
- Having an admin key gives risks to what are called 'rug pulls', where a team member can take away all the funds out of the smart contract and disappear.
- From Bankless (26-10-2020)
"Admin key risk is the risk that the original deployers of a contract hold the admin keys to the contract, and thus aren’t trustless because it fails John Adlers rule #2: no one else can access your money."
"The majority of popular defi protocols have some form of centralized control that enables specific ‘administrator’ addresses to intervene in powerful ways.
This has some security benefits, but it means that you have to trust the administrator(s) not to abuse their privileges. It also adds the risk of an attacker gaining access to an administrator’s private keys, and all the privileges that come with them.
An administrator account can take several possible forms, including a single address, a multisig wallet, or even be a DAO controlled by a voting process.
- What special actions can administrators take?
- Pausing the system?
- Modifying balances?
- Whitelisting/blacklisting of tokens and/or users?
- Upgrading a subset of the system.
- Upgrading all of the system (which is equivalent to omnipotence).
- Anything else?
- Which of these actions ones do and do not have a time delay on them?
- If there is a time delay, how long is that time delay?
- How many people have administrator privileges?
- How many of those admins must approve before some action is taken?
- Are any administrative actions controlled by on-chain governance (ie. a DAO)?
- Where can I stay up to date about proposed changes to the protocol?
Some of this information is already being tracked at DefiWatch."