Smart contract access control mechanisms can introduce centralization into supposedly decentralized ecosystems. In our view, such centralization is an overlooked risk of smart contracts that underlies well-known smart contract security incidents. Critically, mitigating the known vulnerability of missing permission verification by implementing authorization patterns can in turn introduce centralization. To delineate the issue, we define centralization risk and describe smart contract source code patterns for Ethereum and Algorand that can introduce it to smart contracts. We explain under which circumstances the centralization can be exploited. Finally, we discuss implications of centralization risk for different smart contract stakeholders.
View on arXiv