Comments (6)
petrovska-petro
commented on September 26, 2024
probably worthy to be batch whenever #1277 is posted
from badger-multisig.
sajanrajdev
commented on September 26, 2024
I agree on changing the guardian to a live Multisig and it should be one with very little overlap with Dev, for instance TechOps. The reason for this is that the guardian should be able interfere vetoing malicious transactions in case that dev is compromised.
I would defer to @GalloDaSballo and @dapp-whisperer for the best configuration though.
from badger-multisig.
GalloDaSballo
commented on September 26, 2024
@dapp-whisperer if we want to be super cautious guardian could be a List of EOAs
Else can use techops or similar
No strong opinion until I understand the goal of the timelock
from badger-multisig.
petrovska-petro
commented on September 26, 2024
the goal of the TL is to put the minting/burning actions of badger token behind that
currently it could happen atomically by the devmsig
and to keep higher sec standard we want to keep it behind TL at least
cc: @GalloDaSballo
from badger-multisig.
gosuto-inzasheru
commented on September 26, 2024
so without the guardian role being able to call cancelTransaction, the timelock really only serves one purpose: telegraph an upcoming change (such as a upgrade or parameter change) in the badger system. the only entity able to cancel that queued change would be the dev msig itself.
being able to cancel queued transactions from another msig (guardian role) would increase security in cases where the dev msig is queueing up malicious transactions. note that this 'veto' permission does give the guardian the ability to grief the timelock by cancelling everything that gets queued.
both should be trusted and have high security imo for that reason.
@GalloDaSballo how can the guardian be a list of eoas? only way that could work imo is by setting up a separate multisig owned by these eoas with a threshold of 1..
i would say techops is best option for now too, and agree to batch it with #1277
from badger-multisig.
gosuto-inzasheru
commented on September 26, 2024
edit: setGuardian does not need to occur through a timelock, so the guardian cannot protect against a malicious dev msig. only make cancelling easier.
from badger-multisig.
Related Issues (20)
- week 1: incentives HH Bunni HOT 2
- week 3: Treasury voter needs to cast vote for Liquis gauges round HOT 1
- week 3: incentives Paladin Bunni HOT 5
- week 3: incentives Paladin Liquis HOT 3
- Allow claim back `BADGER` FROM HH/Paladin when eligable HOT 5
- Pay Community Discord auditors HOT 1
- trops $liq top-up from vault HOT 1
- Complete scripts for liquis infrastructure
- fund llamapay with $usdc and correct streams starting too late HOT 4
- week 5: Treasury voter needs to cast vote for Liquis gauges round HOT 2
- TCD#42: Q1 association funding 24' HOT 1
- Add new Association's Payment multisig to the address book
- week 6: run Liquis TCL Strategy HOT 1
- week 5: incentives Paladin Liquis HOT 3
- week 5: incentives Paladin Bunni HOT 4
- week 5: recycle back $liq incentives HOT 2
- Batch tcl liquis strategy and $liq transfer to trops
- week 7: Liquis Gauge Vote and Incentives Claw Back HOT 1
- week 7: incentives Paladin Bunni HOT 2
- week 7: incentives Paladin Liquis HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from badger-multisig.