A significant portion of the most widely traded cryptocurrencies face notable governance risks, according to an analysis conducted by Web3 company De.Fi. Out of 429 tokens surveyed, approximately 75% exhibited risk factors related to their contract structures, including issues such as hidden ownership and wallets endowed with special permissions.
The analysis revealed that only 16.6% of the contracts reviewed were managed by multi-signature wallets, a security measure requiring multiple private keys to authorize transactions. Such wallets are considered an effective means of mitigating risks associated with phishing attacks and malware-based hacking attempts.
Moreover, over 38% of token contracts are governed by wallets or external accounts that can execute privileged functions within the contract at any given time. The level of risk associated with these permissions varies, with certain actions, such as the ability to alter key addresses for contract interactions, posing immediate dangers to user assets.
Hidden ownership, found in 6.8% of contracts, allows creators to retain control over the contract's ownership and veto voting rights. Only 10% of tokens have abandoned contracts, in which the creators have relinquished the ability to modify code or governance features, thereby enhancing decentralization.
Artem Bondarenko, De.Fi's head of technology, underscored the security vulnerabilities stemming from reliance on single wallet owners, often concealed from DAO participants. Bondarenko highlighted the substantial risks posed by such practices, which have led to billions of dollars in losses due to access control vulnerabilities, exploits, and breaches.
While governance parameters can signal potential risks, these signals do not always translate into security breaches. Many companies with governance tokens employ robust security measures and practices that may not be readily apparent or documented on-chain, Bondarenko emphasized. Nevertheless, approximately 14% of contracts either lack governance mechanisms entirely or provide inadequate disclosures regarding their governance structures.


















