The CBDC pilot in Brazil allows users to freeze and unfreeze wallets, as well as transfer, mint, and burn cryptocurrency.
This past week, Banco Central do Brasil made the CBDC source code available for public review and scrutiny on GitHub.
Soon after Brazil launched its CBDC trial, developers discovered some worrying features in the project’s source code, such as techniques to manage individual wallets and the cash they store.
Quickly, the program dove into the code, and they discovered that the “Access Control” section of the smart contract included administrative features that the central bank could make available to vetted third parties.
The purpose of Access Control here is analogous to that of computer network permissions or credentials. Its primary function is to enable authorised parties to mint and destroy CBDC tokens at any address in the network.
A number of alarming functions that may be run by entities that have Access Control authorization were discovered by full-stack developer Pedro Magalhes via a reverse engineering.
Among these options are the ability to temporarily halt withdrawals and transfers and the complete ability to freeze and unfreeze a wallet at any time.
The CBDC’s test version does incorporate these features, as certified by the Brazilian central bank. However, it was not made clear whether or not these features will be included in the final product.
The watchdog also mentioned to local media outlets that such capabilities already exist in the conventional banking system to prevent illegal financial activity and that their usage is strictly restricted by the government.
Also Read: Vitalik Buterin’s Ethereum Linked Wallet Investment in OKX, 2013