Just creating this forum thread to get the discussion started since I think this issue is very significant given the current 740 million TVL of the protocol.
Summary:
According to some people on Discord, there is currently a serious centralization risk from the “strategist” address of vaults, as this address has the potential to steal all the funds from the vaults. A simple short-term solution to this risk is to implement a timelock and only allow the governance to change the strategy of vaults.
Abstract:
Changing the strategist address of all active vaults that are available to the public on the main website, and implementing a timelock of a reasonable length, such as 24 or 48 hours, would significantly boost the security of the system, help attract more users, and protect the people who right now hold keys that could steal hundreds of millions of dollars and thus could become targets of criminals.
Motivation:
Right now the strategist address of a vault can instantly change the strategy to simply send all the funds in the vault to a new address. Users would have no time to react, and there are no additional safeguards beyond having access to the strategist private key - creating considerable risk for the people who control it.
Specification:
Change all strategist addresses to be the governance multisig, and use a timelock contract of 24 or 48 hours - similar to what is used in many other DeFi projects - for making changes to the strategy of a vault.
A timelock contract should also be used to control the access to any other control points of vaults, so that vault users are given some sort of minimum guaranteed time that they can escape from the vaults if an attack occurs.
Any other external accounts, similar to the strategist account, that have some sort of centralized or authorized access to vaults, strategies, or other aspects of the system that could materially harm users should also be moved to only be under the control of the governance multisig.
For:
- Significantly more security of the vaults
- Greater user confidence and protocol growth
- Less chance of systemic economic and reputational damage to the defi ecosystem
Against:
- Strategy and governance actions that impact vaults could not be implemented as quickly
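The timelock the specification calls for, sketched as an added Solidity example that is not the protocol's own code. It assumes a hypothetical IVault.setStrategy function and that each vault's strategist address has been changed to point at this contract, so only a change queued by the governance multisig and aged past the delay can reach the vault:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical vault interface: the only call the strategist role needs.
interface IVault {
    function setStrategy(address newStrategy) external;
}

// Governance-only timelock. A strategy change is queued, becomes executable only
// after `delay`, and governance can cancel it in the meantime (assumed design).
contract StrategyTimelock {
    address public immutable governance; // the governance multisig
    uint256 public immutable delay;      // e.g. 24 hours or 48 hours
    // keccak256(vault, strategy) => earliest timestamp the change may execute
    mapping(bytes32 => uint256) public readyAt;

    // Emitted so users and monitors see the pending change and can exit in time.
    event StrategyQueued(address indexed vault, address indexed strategy, uint256 readyAt);

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    constructor(address _governance, uint256 _delay) {
        require(_delay >= 24 hours, "delay too short"); // the proposal's minimum
        governance = _governance;
        delay = _delay;
    }

    // Step 1: governance announces the change; users now have `delay` to react.
    function queueStrategy(address vault, address strategy) external onlyGovernance {
        bytes32 id = keccak256(abi.encode(vault, strategy));
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + delay;
        emit StrategyQueued(vault, strategy, readyAt[id]);
    }

    // Governance may withdraw a queued change before it executes.
    function cancelStrategy(address vault, address strategy) external onlyGovernance {
        delete readyAt[keccak256(abi.encode(vault, strategy))];
    }

    // Step 2: anyone may execute once the delay has passed; the entry is
    // consumed so the same change cannot be replayed later.
    function executeStrategy(address vault, address strategy) external {
        bytes32 id = keccak256(abi.encode(vault, strategy));
        require(readyAt[id] != 0 && block.timestamp >= readyAt[id], "not ready");
        delete readyAt[id];
        IVault(vault).setStrategy(strategy);
    }
}
```

Once a vault's strategist is set to this contract, a direct setStrategy call from any externally owned key is rejected by the vault, and the StrategyQueued event gives users and monitoring the guaranteed window the proposal asks for.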