contracts/market-core.clar hard-codes CONTRACT-OWNER to one principal and gates set-contract-paused with tx-sender == CONTRACT-OWNER.
Evidence:
contracts/market-core.clar defines CONTRACT-OWNER as a fixed principal.
set-contract-paused uses that constant directly for authorization.
Impact:
- The emergency pause switch is tied to one deployer address and cannot be reassigned without redeploying the contract.
- Any deployment from a different principal will not be able to pause the contract, which weakens the emergency-control story.
Reproduction:
- Deploy the contract from a different account than the hard-coded principal.
- Call set-contract-paused from the actual deployer.
- The authorization check fails because it only accepts the baked-in address.
Priority: Medium
Suggested scope:
Make the owner configurable at deployment time or store an owner variable that can be managed intentionally, so emergency controls stay usable across redeployments.
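
One way to implement the suggested scope, as an added sketch that is not the code of contracts/market-core.clar: the owner is a data variable initialised to the deployer and handed over in two steps. The error codes and the names `pending-owner`, `propose-owner`, `accept-ownership`, `is-owner` and `is-paused` are assumptions made for illustration.

```clarity
;; Added example, not the project's code.
;; Shape of the pattern the issue describes (principal literal elided):
;;   (define-constant CONTRACT-OWNER '<fixed principal>)
;;   (asserts! (is-eq tx-sender CONTRACT-OWNER) ...)

(define-constant ERR-NOT-OWNER (err u100))         ;; assumed error code
(define-constant ERR-NOT-PENDING-OWNER (err u101)) ;; assumed error code

;; At deployment, tx-sender is the publishing account, so each deployment
;; starts out owned by whoever actually deployed it.
(define-data-var contract-owner principal tx-sender)
(define-data-var pending-owner (optional principal) none)
(define-data-var contract-paused bool false)

(define-read-only (get-contract-owner) (var-get contract-owner))
(define-read-only (is-paused) (var-get contract-paused))

(define-private (is-owner)
  (is-eq tx-sender (var-get contract-owner)))

;; Emergency switch: authorised against the stored owner, not a constant.
(define-public (set-contract-paused (paused bool))
  (begin
    (asserts! (is-owner) ERR-NOT-OWNER)
    (ok (var-set contract-paused paused))))

;; Step 1: the current owner nominates a successor. Nothing changes yet,
;; so a mistyped address cannot take the pause switch away.
(define-public (propose-owner (new-owner principal))
  (begin
    (asserts! (is-owner) ERR-NOT-OWNER)
    (ok (var-set pending-owner (some new-owner)))))

;; Step 2: only the nominated principal can complete the handover,
;; which proves the new owner key is live before control moves.
(define-public (accept-ownership)
  (begin
    (asserts! (is-eq (some tx-sender) (var-get pending-owner))
              ERR-NOT-PENDING-OWNER)
    (var-set contract-owner tx-sender)
    (ok (var-set pending-owner none))))
```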