WONTON
High Risk
WONTON - Open Packs to Pull Tokens and Onchain Assets Through Collectibles Gamification on BNB
1 Issue Detected
Centralization Risks, Backdoor Functions
This project consists of a deposit contract (0x5bE46E21E34e2bb8f1E1d9476997D4b69554f6a5) and withdrawal contract (0xc60cc1E7eCfadcdD3Dd933B9073a5e0BD1657Be6), both controlled by a single EOA (0x5E3e1F955620CCab2C945Eaa434Ea3cECdCd16F0).
The core risk is that the owner can pause the withdrawal contract at any time and unconditionally extract all tokens via the emergencyWithdraw function; neither operation is protected by a timelock or multisig. The owner can also replace the signature authority at will, which invalidates all issued withdrawal signatures. The deposit contract poses lower risk because funds are forwarded immediately and do not remain in the contract, though overpayment is not refunded. Recommendations include upgrading to multisig management (minimum 2/3) and adding timelocks (suggested 7 days) for the pause and emergencyWithdraw functions.
Summary: High Risk
Audit: DappBay Red Alarm
List Time: Jan 06, 2026
Chain: BNB Smart Chain