DGrid AI

This project contains two upgradeable proxy contracts: Node Sales Contract (proxy: 0x045bebe5Dd1483FBF7b6a922f72BD5d2E47F8597, implementation: 0x2b9f8FE6A8687fe87ABa30480D3f8EA7d9394372) and Staking Pool Contract (proxy: 0xD94a8b79b0c1731301904B8b696253d0C2b6dce3, implementation: 0x1a70df576a6fd48B7e50c33Bd45a659d4e33B851), both managed by the same EOA address (0xE3bdE2e4D610be322cf39C8f0246d76910C5ED92) as Owner. Primary centralization risks: (1) Owner is an EOA account rather than a multisig or timelock contract, capable of unilaterally executing sensitive operations including contract upgrades, price/reward parameter modifications, and feature enabling/disabling; (2) Server address controls critical business flows - all node purchases, staking deposits, and node unjailing require its signature authorization, enabling selective service provision; (3) Both contracts include emergencyWithdraw functions allowing Owner to extract all tokens (including users' unclaimed commissions and staking rewards) when paused; (4) Owner can adjust node prices, gas fees, commission rates, reward distribution rates, and disable unstaking functionality; (5) Server can unilaterally jail user nodes without on-chain evidence, affecting their reward accrual. Recommendation: Project team should transfer Owner privileges to a multisig wallet or DAO governance contract and implement timelock mechanisms for critical parameter changes to reduce centralization risks and enhance user trust.