How many DeFi projects still have ‘God Mode’ admin keys? More than you think

Published at: Sept. 25, 2020

Twelve out of 15 of the most popular decentralized finance protocols still have access to a ‘God Mode’ admin key, according to data on review platform DeFi Watch.

These full-access controls allow developers to modify or replace the smart contracts underpinning their projects, including making adjustments to user balances.

While admin keys have been justified as a way to protect users’ funds and are often used with security features such as timelocks and multi-sigs, analysts argue this calls into question exactly how “decentralized” these projects really are.

In a YouTube video posted on September 24, "Mastering Bitcoin" author and educator Andreas Antonopoulos defined a truly decentralized project as one that does not have custodial control over the funds:

"That's a very important criterion. I think that's the foundational criterion."

By that standard, most protocols fall well short. Of the fifteen projects reviewed on DeFi Watch, only InstaDapp, MakerDAO, and Uniswap are reported to have no admin keys associated with their product. The remaining projects — which include Aave, Compound, DDEX, Yearn Finance, Nexus Mutual, and Synthetix — all have admin keys allowing varying degrees of control.

Aave’s admin key, which is owned by an Aragon DAO consisting of just five members, only requires three “yes” votes to make sweeping protocol changes. Aave currently sits third among all DeFi projects by total value locked (TVL) with more than $1.38 billion locked.

However, several projects, including Compound, have implemented security features to protect the integrity of the admin keys, and many projects have plans to migrate to a fully decentralized governance system in the future.

While many users have suggested that Aave and other projects have been upfront about their admin keys, DeFi Watch founder Chris Blec believes that DeFi protocols need to be explicit if they retain the option to enter God Mode:

It takes far too much digging for a user to find that info. It needs to be front and center.

— Chris Blec (@ChrisBlec) September 23, 2020

Blec added that even when a project acknowledges that admin keys exist, few clearly outline the ramifications. For example, nowhere “does it say ‘Aave can change your account balance’ or ‘Aave can replace all code with new code.’”

Aave’s website states all funds are held in non-custodial contracts and has an opaque warning:

“Aave will keep ownership of the protocol in these early days in order to ensure that the protocol remains secure if any issues arise.”

Synthetix smart contracts are similarly fully upgradeable via the admin key, with DeFi Watch stating that the core team possess “vast power to do just about anything, including adjusting user balances and draining funds.” Despite Synthetix’s core team acknowledging that the project is highly centralized, the protocol has attracted more than $590 million in assets from the DeFi community.

Uniswap does not have any admin keys; however, blockchain analytics firm Glassnode suggested in a report this week that the DeFi project has essentially created its own equivalent backdoor through the distribution of its UNI governance token.

According to Glassnode, the team potentially has immediate access to almost 40% of the entire supply, which is over double the amount currently held by the rest of Uniswap’s community. With UNI tokens facilitating project governance, including access to the project’s Treasury, this would put them firmly in control of a decentralized protocol.

DeFi Watch states that trustless protocols are something of a mirage at present and in the end, security comes down to the project team’s competency:

“The only way that you can truly feel secure while using these DeFi products currently is to trust in the competency of the team and their ability to secure their admin key.”
