Golteum Smart Contract Update

Golteum
3 min read · Jun 8, 2023


As part of Golteum’s smart contract audit conducted by CertiK, two centralization risks were identified, requiring immediate attention and mitigation. These risks highlight potential vulnerabilities and the need for enhanced security measures within the Golteum ecosystem.

Centralization

The first risk identified relates to the centralized token holding position within the GLTM contract. At the time of deployment, a specific group of externally owned accounts (EOAs) holds a significant number of tokens, which poses a major centralization risk. If the private keys associated with these tokenOwner and _owner EOAs are compromised, an attacker could exploit their authority to manipulate tokenomics, sell tokens, or remove pool liquidity. Such actions could lead to a significant drop in token price and negatively impact the project.

To mitigate this risk, Golteum has proactively implemented measures recommended by CertiK. In the short term, the team has introduced timelocks and multi-signature wallets to enhance security and prevent a single point of key management failure. By delaying sensitive operations and distributing authority across multiple signers, the risk of manipulation and unauthorized actions is minimized. The following snippet from the token contract shows the two privileged positions these controls now protect: the initial allocation of the entire reflected supply to tokenOwner, and the liquidity addition whose LP tokens are sent to owner():

```solidity
// The entire reflected supply is assigned to the tokenOwner EOA at deployment
_rOwned[tokenOwner] = _rTotal;

// Add the liquidity
uniswapV2Router.addLiquidityETH{value: ethAmount}(
    address(this),
    tokenAmount,
    0,               // slippage is unavoidable
    0,               // slippage is unavoidable
    owner(),         // LP tokens are sent to the contract owner
    block.timestamp
);
```

Mitigation

New Token Address: https://etherscan.io/address/0xf72be912c9e3683d58a5fc0bbbbe07390be39b88

Timelock Address: https://etherscan.io/address/0x6608ED5e9401F823c80cbE45069AAA3d647ED974

Multi-sig Address: 0x0c52b17EA6eCe956bB844aC5842405f39766e7fF

Multi-sig Owners:
Owner 1: 0xbf98d7F8b7da8fE38BCd0a228c7E2a126Dc83B29
Owner 2: 0x9F964E16127A42ed26927809FC8eA62edD76a817
Owner 3: 0x297E8AbeEA60C2ADC031f8D893eE466eB96Bce13

Vesting

The second risk identified by CertiK pertains to centralization risks within the reflect.sol contract used in Golteum. Specifically, the role of _owner has significant authority over various functions. Compromising the _owner account could allow an attacker to drain funds, manipulate fee payments, exclude or include addresses from reward mechanisms, and modify critical parameters such as tax fees and maximum transaction amounts.

While these actions may pose risks to the project’s integrity and the security of user funds, our team has effectively mitigated the risk using the same method as for the first finding: multi-signature wallets now control all owner functions, so that decisions and actions require the consensus of multiple signers. This approach significantly reduces the likelihood of malicious activity and provides an added layer of security. The following code snippet shows the transferOwnership function through which the owner role is handed to the multi-signature wallet:

```solidity
function transferOwnership(address newOwner) external onlyOwner {
    require(newOwner != address(0), "Ownable: new owner is the zero address");
    emit OwnershipTransferred(_owner, newOwner);
    _owner = newOwner;
}
```
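To make the two mitigations described above concrete (a delay on sensitive operations, and a multi-signature wallet as the only party that can trigger them), here is an added, self-contained illustration. It is not Golteum's deployed code nor CertiK's: the contract and function names (OwnedToken, MinimalTimelock, setTaxFee) are assumptions, and the timelock is deliberately reduced to the essentials. OwnedToken has the same transferOwnership shape as the snippet just quoted; MinimalTimelock is made its owner, and the multi-sig is the only account that may schedule or execute calls through the timelock.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not Golteum's code. Names are assumptions for illustration.
// Flow: deploy OwnedToken (deployer is owner) -> deploy MinimalTimelock(multisig, delay)
// -> deployer calls token.transferOwnership(address(timelock)). From then on every
// onlyOwner call must be scheduled by the multisig, wait `minDelay`, then be executed.

contract OwnedToken {
    address public owner;
    uint256 public taxFee;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() {
        require(msg.sender == owner, "Ownable: caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Same shape as the function quoted above; called once to hand control to the timelock.
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    // A privileged parameter of the kind the audit flagged (hypothetical).
    function setTaxFee(uint256 newFee) external onlyOwner {
        require(newFee <= 10, "fee too high");
        taxFee = newFee;
    }
}

contract MinimalTimelock {
    address public immutable multisig; // only account allowed to schedule/cancel/execute
    uint256 public immutable minDelay; // seconds between scheduling and execution

    // operation id => earliest execution timestamp (0 = not scheduled)
    mapping(bytes32 => uint256) public readyAt;

    event Scheduled(bytes32 indexed id, address target, bytes data, uint256 eta);
    event Cancelled(bytes32 indexed id);
    event Executed(bytes32 indexed id, address target, bytes data);

    modifier onlyMultisig() {
        require(msg.sender == multisig, "Timelock: caller is not the multisig");
        _;
    }

    constructor(address multisig_, uint256 minDelay_) {
        require(multisig_ != address(0), "Timelock: multisig is the zero address");
        multisig = multisig_;
        minDelay = minDelay_;
    }

    // The id binds target, calldata and salt, so exactly the announced call executes.
    function hashOperation(address target, bytes memory data, bytes32 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(target, data, salt));
    }

    // Step 1 (multisig): announce the call publicly and start the clock.
    function schedule(address target, bytes calldata data, bytes32 salt) external onlyMultisig returns (bytes32 id) {
        id = hashOperation(target, data, salt);
        require(readyAt[id] == 0, "Timelock: already scheduled");
        uint256 eta = block.timestamp + minDelay;
        readyAt[id] = eta;
        emit Scheduled(id, target, data, eta);
    }

    // The multisig may withdraw an announced call before it runs.
    function cancel(bytes32 id) external onlyMultisig {
        require(readyAt[id] != 0, "Timelock: not scheduled");
        delete readyAt[id];
        emit Cancelled(id);
    }

    // Step 2 (multisig, once the delay has elapsed): perform the announced call.
    function execute(address target, bytes calldata data, bytes32 salt) external onlyMultisig {
        bytes32 id = hashOperation(target, data, salt);
        uint256 eta = readyAt[id];
        require(eta != 0, "Timelock: not scheduled");
        require(block.timestamp >= eta, "Timelock: delay not elapsed");
        delete readyAt[id]; // clear state before the external call
        (bool ok, bytes memory ret) = target.call(data);
        if (!ok) {
            // bubble up the target's revert reason unchanged
            assembly { revert(add(ret, 32), mload(ret)) }
        }
        emit Executed(id, target, data);
    }
}
```

Usage: after the hand-over, changing the fee means the multi-sig first calls `schedule(address(token), abi.encodeWithSelector(token.setTaxFee.selector, 3), salt)`, waits `minDelay`, then calls `execute` with identical arguments; anyone watching the `Scheduled` event sees the pending change in advance. Two points worth checking on any deployment that claims this set-up: the token's `owner()` must return the timelock address (if the multi-sig is made owner directly, the delay protects nothing), and the timelock's only privileged account must be the multi-sig. In production, audited components such as OpenZeppelin's TimelockController and a Safe multi-sig are the usual choice rather than a hand-rolled contract like this one.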

Future Development

In addition to these specific risks, Golteum recognizes the broader importance of decentralization within the DeFi space. The team is actively exploring long-term solutions to further enhance security and decentralization. This includes the introduction of a DAO (Decentralized Autonomous Organization), governance mechanisms, and voting modules to increase transparency and user involvement in decision-making processes. By empowering the community and distributing authority, Golteum aims to foster a more resilient and decentralized ecosystem.

Partnerships

It is important to note that in addition to Golteum’s alliance with CertiK, we’ve teamed up with industry-leading security and compliance partners such as Fireblocks, Safe, Chainalysis, and Veriff. These partnerships enable Golteum to implement proactive solutions and provide users with a secure and compliant platform. The Golteum community can rest assured that the team remains committed to transparency, accountability, and the highest standards of security. Golteum will continue to collaborate with industry-leading partners, engage in rigorous security practices, and implement best-in-class solutions to fortify the platform and provide users with a safe and reliable environment to trade, invest, and participate in the world of digital assets.

Our Commitment

By addressing the identified centralization risks, Golteum is taking a significant step forward in its journey toward becoming a leading digital asset management platform. The team’s unwavering commitment to security, decentralization, and compliance ensures that Golteum will provide a trusted and innovative ecosystem for users to access the benefits of precious metals and cryptocurrency within a secure and transparent environment.

Golteum remains steadfast in its mission to empower individuals to diversify their portfolios, unlock new investment opportunities, and participate in the growing world of DeFi. The team is grateful for the continued support of the Golteum community and looks forward to sharing further updates as the project progresses towards its vision of becoming the go-to digital asset management platform for both cryptocurrency and precious metals.
