As a result of the audit process, our suite of smart contracts was rated "Secured", with the highest rating being "Well-Secured". The reason for this was the centralization of contracts. According to the report:
This smart contract has some functions which can be executed by the Admin (Owner) only. If the admin wallet private key would be compromised, then it would create trouble.
The following instructions explain how to renounce the owner privileges and whether doing so is advisable.
Warning!
This is a very dangerous zone!
Only make the documented changes if you understand 100% what you are doing; otherwise, your contracts may end up unusable.
Be careful! Renouncing the role of owner, administrator and minter is an irreversible action that cannot be undone.
Ube and Almond
Ownership
The audit report of the Stakes contracts (Ube and Almond) states that "the owner can set critical values like interest rate, penalization, maturity, etc. If the admin wallet private key would be compromised, then it would create trouble, also the owner itself can change the ownership to any arbitrary account"
Is it advisable to renounce ownership of the Ube and Almond contracts?
Short answer: NO
The audit results are correct, but we strongly recommend that contract owners DO NOT RENOUNCE ownership of their Ube and Almond smart contracts. Doing so renders the contracts unusable because the "owner" of the contract is responsible for approving the funds for the contract and thus paying interest to the Stakers. If the owner renounces, then no one will be able to pay interest.
For this reason, the Ube and Almond contracts are centralized by nature and cannot be decentralized.
Matcha and Suika Ownership
The audit report of the NFT Marketplaces contracts (Matcha and Suika) states that "The owner / admin can change the commission percentages, payment token, etc."
Functions involved
updateAdmin - The owner can change the commission percentages, payment token, etc.
grantRole - Any new role can be granted.
revokeRole - The owner can revoke a particular role.
autoMint, mint and safeMint - Minting methods
Is it advisable to renounce ownership of the Matcha and Suika contracts?
Short answer: it depends.
If you already minted all your items and don't plan to mint any more items in the future, and also want to freeze your marketplace settings forever, then yes, you can renounce ownership and make your NFT Marketplace completely decentralized.
Otherwise it is not recommended to renounce ownership of your contract.
Renounce Ownership and Admin Role
To make the smart contract 100% decentralized, we suggest renouncing ownership in the smart contract once its function is completed.
The Matcha and Suika smart contracts have two different variables to manage settings and role parameters: `admin` and `contract_owner`.
To renounce both ownership and admin privileges, making the contracts independent and fully decentralized, you can set "admin" and "contract_owner" to the "zero address". This way, no one will be able to change the settings of your smart contracts.
Renounce Minter Role
In Suika and Matcha, the minter can mint tokens as needed. This can lead to centralization problems. So, if you want your collection to be fully decentralized, renounce the minter role when the collection is fully minted or, depending on your needs, open the collection so that anyone can mint. If you want to achieve the first option, changing ownership to the zero address will cause your account to also renounce the minter role.
Warning!
Please note that by following these steps you will renounce ownership, the admin role and the minter role, all in one transaction. So be very careful and make sure you understand the consequences.
Steps to Renounce Ownership, Admin and Minter Role
Renounce ownership
Go to your contract in the block explorer (Etherscan, BscScan, etc.)
Click on the "Contract" section - "Write Contract"
Log in to your MetaMask wallet using the contract's owner account
Click on the button "Connect to Web3" and follow the instructions to connect your wallet
On the "updateOwner" section specify the zero address: "0x0000000000000000000000000000000000000000" as the contract owner address
Click on "Write" and confirm the transaction in MetaMask
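
Once the transaction is confirmed, it is worth checking that both privileged variables really hold the zero address rather than assuming they do. The following is an added example, not code from the contracts or from the audit report. It assumes the contract exposes read functions for `contract_owner` and `admin` and that you have the raw 32-byte return data of each call; the function names and sample values are constructed for illustration.

```javascript
const ZERO_ADDRESS = "0x" + "0".repeat(40);

// An ABI-encoded address is a single 32-byte word:
// 12 zero bytes of left padding followed by the 20 address bytes.
function decodeAbiAddress(returnData) {
  const hex = returnData.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{64}$/.test(hex)) {
    throw new Error("expected exactly one 32-byte word, got: " + returnData);
  }
  if (hex.slice(0, 24) !== "0".repeat(24)) {
    throw new Error("non-zero padding, value is not an address");
  }
  return "0x" + hex.slice(24);
}

// Returns every privileged role that is still held by a non-zero account.
// An empty result means nobody can call the owner/admin-only functions any more.
function rolesStillHeld(rawState) {
  const held = [];
  for (const [role, returnData] of Object.entries(rawState)) {
    const holder = decodeAbiAddress(returnData);
    if (holder !== ZERO_ADDRESS) held.push({ role, holder });
  }
  return held;
}

// Constructed sample return data (not taken from any real contract).
const PAD = "0x" + "0".repeat(24);
const beforeRenounce = {
  contract_owner: PAD + "ab".repeat(20),
  admin: PAD + "ab".repeat(20),
};
const partialRenounce = {           // one variable zeroed, the other still set
  contract_owner: "0x" + "0".repeat(64),
  admin: PAD + "ab".repeat(20),
};
const fullRenounce = {
  contract_owner: "0x" + "0".repeat(64),
  admin: "0x" + "0".repeat(64),
};

for (const [label, state] of Object.entries({ beforeRenounce, partialRenounce, fullRenounce })) {
  const held = rolesStillHeld(state).map((r) => r.role + "=" + r.holder);
  console.log(label + ":", held.length ? held.join(", ") : "fully renounced");
}
```
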