Summary:
addMinter
and setGovernance
are the most crucial smart contract functions. It can break the entire system and put so much money at risk when a bad actor’s address is set as a minter or governance. This can happen when there is a hostile takeover or if the multisigs are somehow compromised. Will those scenarios happen? I doubt it. However, we should still future proof and improve the security of the smart contract. To provide additional security and times for everyone to get out if that were to happen, I propose that we add a 2-3 days timelock for addMinter
and setGovernance
execution.
Abstract:
Add a 2-3 days timelock to all yEarn smart contract’s addMinter
and setGovernance
functions.
Motivation:
Increases security and confidence of the smart contracts. In case of catastrophes, everyone will have ample of times to get out.
Specification:
This is a high level overview of how the YIP will solve the problem. The overview should clearly describe how the new feature will be implemented.
For: add 2-3 days timelock before addMinter
and setGovernance
become effective
Against: No changes. All functions call will effect immediately
Poll:
- Add 2 days timelock
- Add 3 days timelock
- No Changes