Only 1 Owner of Multi-Signed Contract? Worldcoin May Involve Centralized Risks

We analyzed the smart contract of Worldcoin's token $WLD, 0x163f8c2467924be0ae7b5347228cabf260318753, and found some security concerns. Here are the risks you should be alert to.

Centralized Risks

  • The mintOnce Function

The contract implements a centralized minting mechanism, mintOnce, which allows the owner to mint tokens to multiple addresses in one transaction. This one-time function has already been called by the current owner. The current owner is a 1/1 multisig wallet contract, 0x59a0f98345f54bAB245A043488ECE7FCecD7B596, with only one owner, eth:0xc534a745bFfaF9466Ed7B47fA23B0177b99A3e77. This means a single signature is enough to act as the owner and perform privileged operations.

  • The setMinter Function

In addition, the contract implements the setMinter function, which allows the owner to set a minter address. Currently the minter is the zero address.

  • The mintInflation Function

If the owner sets a non-zero minter, the minter can arbitrarily call mintInflation to mint unlimited tokens to any address.
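
An added example (not part of the original analysis or the project's code): a Python check that decodes raw eth_call return data and flags the owner-threshold and minter conditions described above. It assumes the owner wallet exposes Safe-style getOwners()/getThreshold() calls and that the token has a minter() getter; the sample return data is constructed from the state the article reports.

```python
# Added example. Assumes a Safe-style owner wallet (getOwners/getThreshold)
# and a minter() getter on the token; the page confirms neither interface.
ZERO_ADDRESS = "0x" + "00" * 20

def _words(ret_hex):
    """Split ABI-encoded return data into 32-byte words."""
    raw = bytes.fromhex(ret_hex[2:] if ret_hex.startswith("0x") else ret_hex)
    if not raw or len(raw) % 32:
        raise ValueError("return data is not a whole number of 32-byte words")
    return [raw[i:i + 32] for i in range(0, len(raw), 32)]

def decode_address(word):
    if any(word[:12]):
        raise ValueError("address word has non-zero padding")
    return "0x" + word[12:].hex()

def decode_address_array(ret_hex):
    """Decode an address[] return value: offset word, length word, items."""
    words = _words(ret_hex)
    start = int.from_bytes(words[0], "big") // 32
    count = int.from_bytes(words[start], "big")
    items = words[start + 1:start + 1 + count]
    if len(items) != count:
        raise ValueError("truncated address array")
    return [decode_address(w) for w in items]

def assess(threshold_ret, owners_ret, minter_ret, min_signers=2):
    """Return findings for the owner-key and minter risks; [] if neither."""
    threshold = int.from_bytes(_words(threshold_ret)[0], "big")
    owners = decode_address_array(owners_ret)
    minter = decode_address(_words(minter_ret)[0])
    findings = []
    if threshold < min_signers:
        findings.append(f"owner wallet is {threshold}/{len(owners)}: "
                        f"fewer than {min_signers} signatures required")
    if minter != ZERO_ADDRESS:
        findings.append(f"minter is {minter}: it can call mintInflation")
    return findings

def pad(addr):  # left-pad an address to one ABI word, for sample data
    return addr[2:].lower().rjust(64, "0")

# Constructed return data reproducing the state the article reports.
OWNER = "0xc534a745bFfaF9466Ed7B47fA23B0177b99A3e77"
SAMPLE = {"threshold_ret": "0x" + f"{1:064x}",
          "owners_ret": "0x" + f"{32:064x}{1:064x}" + pad(OWNER),
          "minter_ret": "0x" + pad(ZERO_ADDRESS)}

if __name__ == "__main__":
    print(assess(**SAMPLE))
```

Run periodically against live return data, the same check would report a change of minter away from the zero address as soon as it appears on-chain.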

Token Distribution

Statistics show the first 6 addresses already hold 94.5% of the total supply. This indicates a highly centralized token distribution.

In summary, the token contract has the following security risks:

  1. The owner currently has only one signer, which reduces security control over the owner account.
  2. There is a risk of unlimited token minting after a minter is set.
  3. The token distribution is overly centralized with the top 6 addresses holding most tokens.

To mitigate these risks, here are our security suggestions:

  1. Increase the number of signers for the owner to enforce multi-sig management.
  2. Disable arbitrary settings of minters to prevent unlimited minting.
  3. Adopt vesting or continuous distribution to reduce the centralization of token distribution.

Security is the cornerstone of a healthy blockchain ecosystem. We will continue to monitor project security and issue timely risk alerts to help maintain the security of the blockchain ecosystem.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io
