Beware of the “God Mode” Admin Keys – What are DeFi Projects Even Thinking?
Review platform DeFi Watch shows that twelve out of fifteen of the most popular decentralized finance projects still have access to a ‘God Mode’ admin key. These full-access control keys allow developers to modify or replace anything in the smart contracts underpinning their projects, and even make adjustments to user balances.
While admin keys are common early in a project’s life, they defeat the concept of decentralization and render the whole project unsafe. The “God Mode” keys have been justified as a way to protect users’ funds, and are mostly paired with security features such as timelocks and multi-sigs, but many analysts dispute the validity of those claims.
Author and educator Andreas Antonopoulos has defined a truly decentralized project as one that has no custodial control over the funds, adding that “This is a very important criterion. I think that’s the foundational criterion of decentralization.”
By that standard, most DeFi protocols fall well short. Out of the fifteen projects reviewed on DeFi Watch, only Uniswap, Makerdao, and InstaDapp have no admin keys associated with their product, while the remaining projects — which include Compound, Aave, DDEX, Nexus Mutual, Yearn Finance, and Synthetix — all have admin keys that allow varying degrees of control.
Aave’s admin key is a multi-sig of just five members, and only three of the five need to vote “yes” in order to make sweeping protocol changes. Aave, third among all DeFi projects by total value locked, should not allow such a form of centralization.
However, several projects, such as Compound, have implemented security features that protect the integrity of the admin keys, with many more projects planning to migrate to fully decentralized governance systems in the future.
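To make the difference concrete, here is an added illustrative model (not code from any of the projects named above) of the two admin-key designs the article contrasts: a bare “God Mode” key that can rewrite a user balance at once, versus the same power gated by a 3-of-5 multi-sig and a timelock. The signer names, the 48-hour delay, and the balance-override operation are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed parameters: 5 signers, 3 approvals needed (the 3-of-5 arrangement
# described for Aave above), and a 48-hour delay before a queued proposal can run.
SIGNERS = frozenset({"s1", "s2", "s3", "s4", "s5"})
THRESHOLD, DELAY = 3, 48 * 3600


class GodModeProtocol:
    """Bare admin key: a single caller can rewrite any user balance immediately."""
    def __init__(self, admin):
        self.admin, self.balances = admin, {}

    def set_balance(self, caller, user, amount):
        if caller != self.admin:
            raise PermissionError("not admin")
        self.balances[user] = amount   # no delay, no second approver, no notice to users
        return amount


@dataclass
class TimelockMultisig:
    """Admin key gated by M-of-N signer approval plus a timelock delay."""
    signers: frozenset
    threshold: int
    delay: int
    approvals: dict = field(default_factory=dict)   # proposal -> set of signers
    queued_at: dict = field(default_factory=dict)   # proposal -> time it reached threshold

    def approve(self, signer, proposal, now):
        if signer not in self.signers:
            raise PermissionError("not a signer")
        votes = self.approvals.setdefault(proposal, set())
        votes.add(signer)                              # a repeat vote does not count twice
        if len(votes) >= self.threshold:
            self.queued_at.setdefault(proposal, now)   # start the clock only once
        return len(votes)

    def executable(self, proposal, now):
        queued = self.queued_at.get(proposal)
        return queued is not None and now >= queued + self.delay


class GuardedProtocol:
    """Same balance-override power, but only through a queued, matured proposal."""
    def __init__(self, gov):
        self.gov, self.balances = gov, {}

    def set_balance(self, user, amount, now):
        proposal = ("set_balance", user, amount)
        if not self.gov.executable(proposal, now):
            raise PermissionError("proposal not approved or timelock not elapsed")
        self.balances[user] = amount
        return amount
```

The delay is what gives users a window to see a queued balance change and exit before it takes effect; a bare key gives no such window.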
While many users did state that Aave and other projects have been somewhat upfront about their admin keys, DeFi Watch founder Chris Blec said that DeFi protocols need to be completely explicit if they retain the “God Mode” capability. He added that even when projects acknowledge the existence of admin keys, only a few clearly outline the ramifications. For example, while Aave has stated that it holds the “God Mode” keys, nowhere does it say that ‘Aave can change your account balance.’
Synthetix’s smart contracts are, like Aave’s, fully upgradeable via the admin key, with the core team possessing the “vast power to do just about anything, including adjusting user balances and draining funds,” as DeFi Watch stated. Despite Synthetix’s core team acknowledging the project’s centralization, the protocol has attracted immense funds and numerous investors.
Unlike Aave, Uniswap does not have any admin keys. Still, blockchain analytics firm Glassnode has suggested that the project has essentially created its own backdoor through the distribution of its UNI governance token, which is equally daunting.
The team potentially has immediate access to close to 40% of the entire supply, which is, at the moment, over double the amount held by the rest of Uniswap’s community. This would put them firmly in control of the whole decentralized protocol.
Once again, while holding “God Mode” keys is something of a standard for new and emerging projects, they are expected to get rid of them or suffer the consequences of being deemed centralized.