A decentralized social network protocol returning data ownership back to users and helping devs build meaningful social experiences.
| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 1 | - | 2 | - | 3 |
| Fixed | 13 | 2 | - | - | 15 |
| Total | 14 | 2 | 2 | 0 | 18 |
not_fixed/high
In the contract `Link3ProfileDescriptor` the role `owner` has authority over the functions shown in the diagram below. Any compromise of the `owner` account may allow the hacker to take advantage of this authority and set new animation templates.

---

In the contract `CyberBoxNFT` the role `owner` has authority over the functions shown in the diagram below. Any compromise of the `owner` account may allow the hacker to take advantage of this authority to pause/unpause the contract and set a new signer. The new signer can then call `claimBox()` and mint as many boxes as they want.

---

In the contract `Treasury` the role `owner` has authority over the functions shown in the diagram below. Any compromise of the `owner` account may allow the hacker to take advantage of this authority to change the `treasuryAddress` to one they control or alter the value set for the treasury fee.

---

In the contract `PermissionedFeeCreationMw` the role `ENGINE` has authority over the functions shown in the diagram below. Any compromise of the `ENGINE` account may allow the hacker to take advantage of this authority to change the recipient address, the signer address, and all the values for the different fee tiers of a given namespace.

---

In the contract `Owned` the role `owner` has authority over the functions shown in the diagram below. Any compromise of the `owner` account may allow the hacker to take advantage of this authority to set a new malicious address as the owner of the contract.

---

In the contract `Auth` the role `owner` has authority over the functions shown in the diagram below. Any compromise of the `owner` account may allow the hacker to take advantage of this authority to change the `Authority`.

---

In the contract `ProfileNFT` the role `_namespaceOwner` has authority over the functions shown in the diagram below. Any compromise of the `_namespaceOwner` account may allow the hacker to take advantage of this authority to change the `NFTDescriptor` for the current profile, change the namespace owner, and pause/unpause the state of the contract.

In the contract `ProfileNFT` the modifier `onlyProfileOwner()` gives authority over the function `setOperatorApproval()`. Any compromise of the profile owner account may allow the hacker to take advantage of this authority to set malicious addresses as operators for a certain profile.

In the contract `ProfileNFT` the modifier `onlyProfileOwnerOrOperator()` gives authority over several functions, including:

- `registerEssence()`
- `setSubscribeData()`
- `setEssenceData()`

Any compromise of the profile owner or operator account may allow the hacker to take advantage of this authority to register new essences, change the essence/subscribe middleware, and change the token URIs of essences.

---

In the contract `EssenceNFT` the role `PROFILE` has authority over the functions shown in the diagram below. Any compromise of the `PROFILE` account may allow the hacker to take advantage of this authority to mint new essences for a given profile.

---

In the contract `CyberEngine` the role `_namespaceOwner` has authority over the functions shown in the diagram below. Any compromise of the `_namespaceOwner` account may allow the hacker to take advantage of this authority to change the profile middleware of a given namespace to a malicious one.
not_fixed/high
`CyberEngine.sol`, `EssenceNFT.sol`, `ProfileNFT.sol`, `SubscribeNFT.sol`, `CyberBoxNFT.sol` and `Link3ProfileDescriptor.sol` are upgradeable contracts; the authorized accounts can upgrade them without any commitment from the community. If an attacker compromises such an account, they can replace the implementation of the contract and drain tokens from it.
not_fixed/low
The functions `permit()`, `subscribeWithSig()`, `collectWithSig()`, `registerEssenceWithSig()`, `setAvatarWithSig()`, `setOperatorApprovalWithSig()`, `setMetadataWithSig()`, `setSubscribeDataWithSig()`, `setEssenceDataWithSig()`, and `setPrimaryProfileWithSig()` all use the same `nonces` mapping. A user may therefore produce several signatures, one for each of these functions, before any of them is executed, so that they all carry the same nonce. Only one of those calls will succeed: once the nonce is incremented, every remaining signature becomes invalid.
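As an added illustration of this shared-nonce behaviour (not code from the audited project; the HMAC-based `sign()` and the `ProfileNFTModel` class are a constructed stand-in for the contracts' EIP-712 signature verification), two calls pre-signed with the same nonce are submitted one after the other:

```python
import hmac
import hashlib

# Constructed stand-in for the EIP-712 signature the real *WithSig() functions
# verify: an HMAC keyed by the signer's secret over (function, params, nonce).
def sign(secret: bytes, action: str, params: str, nonce: int) -> str:
    return hmac.new(secret, f"{action}|{params}|{nonce}".encode(),
                    hashlib.sha256).hexdigest()


class ProfileNFTModel:
    """Model of one `nonces` mapping shared by every *WithSig() entry point."""

    def __init__(self, signer_keys: dict[str, bytes]):
        self.signer_keys = signer_keys           # stand-in for ecrecover
        self.nonces: dict[str, int] = {}         # signer -> next expected nonce
        self.applied: list[tuple[str, str]] = [] # (function, params) that landed

    def execute_with_sig(self, signer: str, action: str, params: str,
                         nonce: int, sig: str) -> bool:
        expected = self.nonces.get(signer, 0)
        if nonce != expected:                    # stale or future nonce: reject
            return False
        good = sign(self.signer_keys[signer], action, params, nonce)
        if not hmac.compare_digest(sig, good):   # signature must match
            return False
        self.nonces[signer] = expected + 1       # the shared counter moves on
        self.applied.append((action, params))
        return True


def demo_shared_nonce() -> list[tuple[str, bool]]:
    """Pre-sign two different functions with the same nonce, then submit both."""
    alice, key = "0xA11CE", b"alice-signing-key"            # constructed
    contract = ProfileNFTModel({alice: key})
    nonce = contract.nonces.get(alice, 0)
    sig_avatar = sign(key, "setAvatarWithSig", "ipfs://avatar", nonce)
    sig_meta = sign(key, "setMetadataWithSig", "ipfs://meta", nonce)
    results = [("setAvatarWithSig", contract.execute_with_sig(
        alice, "setAvatarWithSig", "ipfs://avatar", nonce, sig_avatar))]
    # sig_meta was valid when produced, but setAvatarWithSig consumed nonce 0.
    results.append(("setMetadataWithSig", contract.execute_with_sig(
        alice, "setMetadataWithSig", "ipfs://meta", nonce, sig_meta)))
    # Only a fresh signature over the current nonce can make the call land.
    nonce = contract.nonces[alice]
    sig_meta = sign(key, "setMetadataWithSig", "ipfs://meta", nonce)
    results.append(("setMetadataWithSig(re-signed)", contract.execute_with_sig(
        alice, "setMetadataWithSig", "ipfs://meta", nonce, sig_meta)))
    return results
```

The second submission is rejected on the nonce check alone, before the signature is even examined, which is why a wallet that batches several of these operations must sign them against successive nonces.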
| # | File Name |
|---|---|
| 1 | src/middlewares/subscribe/SubscribeOnlyOnceMw.sol |
| 2 | src/core/EssenceNFT.sol |
| 3 | src/interfaces/IProfileDeployer.sol |
| 4 | src/middlewares/base/PermissionedMw.sol |
| 5 | src/middlewares/essence/CollectOnlySubscribedMw.sol |
| 6 | src/middlewares/profile/PermissionedFeeCreationMw.sol |
| 7 | src/libraries/Actions.sol |
| 8 | src/libraries/DataTypes.sol |
| 9 | src/interfaces/IProfileMiddleware.sol |
| 10 | src/interfaces/IEssenceDeployer.sol |