Habibi

The Habibi prediction market protocol (contract address: 0xfdb619900a6c9ca66aa37e15beba9e1edfd2420a) is fully controlled by a single Externally Owned Account (EOA: 0xcB5A87059B3B699a49aCCa634A24300f5fd56Aed) with the following unrestricted powers: (1) can mint up to 900 million tokens (90% of total supply) at any time to dilute all holders; (2) can pause all token transfers to freeze user funds; (3) can extract contract balance via withdrawFees() function which only protects staked tokens but not users' trading principal in markets (tradingPools.liquidity), enabling direct theft of users' trading funds; (4) can manipulate any market outcome for profit. If the single EOA private key is compromised or owner acts maliciously, minting, withdrawal, and market manipulation can be completed within a single block, resulting in total loss of all user funds. The protocol has no multisig protection, timelock, or community oversight mechanisms.