Cointime

Cointime

Download App
iOS & Android

Only 1 Owner of Multi-Signed Contract? Worldcoin May Involve Centralized Risks

Validated Project

We analyzed Worldcoin's token $WLD smart contract 0x163f8c2467924be0ae7b5347228cabf260318753 and found some security concerns. Here are risks that you should keep alert.

Centralized Risks

  • The mintOnce Function

The contract implements a centralized minting mechanism mintOnce, allowing the owner to mint tokens to multiple addresses in one transaction. This one-time function has already been called by the current owner. The current owner is a 1/1 multisig wallet contract 0x59a0f98345f54bAB245A043488ECE7FCecD7B596, with only one owner eth:0xc534a745bFfaF9466Ed7B47fA23B0177b99A3e77. This means only one signature is needed to represent the owner to perform privileged operations.

  • The setMinter Function

In addition, the contract also implements the setMinter function, allowing the owner to set a minter address. Currently the minter is zero address.

  • The mintInflation Function

If the owner sets a non-zero minter, the minter can arbitrarily call mintInflation to mint unlimited tokens to any address.

Token Distribution

Statistics show the first 6 addresses already hold 94.5% of the total supply. This indicates a highly centralized token distribution.

In summary, the token contract has the following security risks:

  1. The owner currently has only one signer, which reduces security control over the owner account.
  2. There is a risk of unlimited token minting after a minter is set.
  3. The token distribution is overly centralized with the top 6 addresses holding most tokens.

To mitigate these risks, here are our security suggestions:

  1. Increase the number of signers for the owner to enforce multi-sig management.
  2. Disable arbitrary settings of minters to prevent unlimited minting.
  3. Adopt vesting or continuous distribution to reduce the centralization of token distribution.

Security is the cornerstone of a healthy blockchain ecosystem. We will continue monitoring project security, performing timely security risk alerts, to jointly maintain the security of blockchain.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io

Worldcoin
Comments

All Comments

Recommended for you

  • 38,244.04 DMD Permanently Burned in the Past 7 Days

    On June 25, 2026, the latest on-chain data from DMDAO revealed that a total of 38,244.04 DMD has been permanently burned through the established transaction and wealth management burn mechanisms over the past 7 calendar days.

  • BTC Falls Below $60,000

    Market data shows that BTC has fallen below $60,000, currently priced at $59,954.84, with a 24-hour decline of 4.19%. The market is experiencing significant volatility, so please ensure proper risk management.

  • ETH Drops Below $1600

    Market data shows that ETH has fallen below $1600, currently priced at $1597.55, with a 24-hour decline of 3.81%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Billionaire Philippe Laffont Prefers Investing in Space Over Bitcoin

    Philippe Laffont, founder and portfolio manager of Coatue Management, stated on the Squawk Box program that he is currently unable to determine his stance on Bitcoin. He mentioned that he is rethinking Bitcoin's positioning and expressed a preference for investing in space over Bitcoin. (thestreet)

  • Tech Giants' Data Center Leasing Commitments Exceed $850 Billion

    On June 24, an analysis by Bloomberg of regulatory filings revealed that as tech giants compete to expand their server clusters, the total amount of future data center leasing commitments by large cloud computing companies has continued to rise over the past year, surpassing $850 billion. Last quarter, Meta added leasing commitments of $79 billion, a 76% increase from the previous period; as of March 31, the total reached $182.9 billion. Meta CEO Mark Zuckerberg has stated that the company plans to invest hundreds of billions of dollars in AI infrastructure by 2030. Microsoft followed closely, adding over $41 billion in leasing commitments, bringing its total to $196.6 billion.

  • Address with $34.61 Million Long Position in 21,000 ETH Faces $1.696 Million Loss at 18x Leverage

    According to on-chain analyst Ai Yi, a certain address took a long position of 21,000 ETH with 18x leverage yesterday, amounting to approximately $34.61 million. Currently, it is facing an unrealized loss of $1.696 million, with an opening price of $1,728.5 and a liquidation price of $1,590.1.

  • U.S. 10-Year Treasury Yield Falls to 4.4138%, Lowest Since May 11

    On June 24, the yield on U.S. 10-year Treasury bonds fell to 4.4138%, the lowest level since May 11. The yield on U.S. 30-year Treasury bonds dropped to 4.8572%, the lowest since April 15.

  • Crypto Market Liquidations Reach $134 Million in the Last Hour, with $125 Million in Long Liquidations

    According to CoinGlass data, the total liquidation amount across the network in the last hour reached $134 million, with long liquidations accounting for $125 million and short liquidations amounting to $8.539 million.

  • BTC Falls Below $61,000

    Market data shows that BTC has fallen below $61,000, currently priced at $60,986.03, with a 24-hour decline of 2.88%. The market is experiencing significant volatility, so please ensure proper risk management.

  • International Oil Prices Plunge as U.S. Oil Futures Fall Below $70

    On June 24, international crude oil prices continued to decline, with U.S. WTI crude oil futures falling below the $70 per barrel mark during trading, down 4.4% for the day, reaching a new low since March 2, and reverting to levels seen before the outbreak of the Iran conflict. Brent crude oil futures for August dropped 4.5%, settling at $73.6 per barrel. Market expectations of easing tensions in the Middle East, a recovery in Iranian oil supply, and rising interest rate expectations due to U.S. inflation have pressured oil prices.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company