Content
@
0 reply
0 recast
2 reactions
shazow
@shazow.eth
Idea: Overloading Rollup Governance (warning: somewhat cursed) Stage 1 rollups rely on a multisig to allow for upgrades, involving diverse and high quality sets of signers, and often have timelocked votes that can be overwritten by a larger DAO. So much effort went into this, what if we... 👉👈 overloaded it? Imagine we anon-launch a successful dex on Arbitrum, but we include some anti-hacking mitigation like circuit breakers/throttling if too much funds move over a time period (or something even cleverer). Who would credibly govern over the circuit breaker? What if we pick the people who already have power over how our execution layer behaves, who could already alter our contract if they were really motivated. What if our contract gives control to arbitrate to the Arbitrum Security Council multisig, *without their consent*? This may be a cursed idea, since it's parallel to @vitalik.eth warning of L2's overloading L1 governance. Should we fear contracts/apps overloading L2 governance? Or embrace it?
3 replies
0 recast
2 reactions
maurelian
@maurelian.eth
Such groups would probably be wise to publicly express refusal to take on such a role even if it was given to them.
1 reply
0 recast
2 reactions
shazow
@shazow.eth
I agree with you and @xmon.eth in principle. But how do you think this would play out if such groups expressed refusal, but were still given this power against their consent and then say $10M of "innocent people's money" got trapped in a contract that the group could easily rescue?
1 reply
0 recast
0 reaction
0xmons
@xmon.eth
they could just commit to burning all ownership they get then there is no recourse
1 reply
0 recast
0 reaction
shazow
@shazow.eth
Can you expand? How does one burn ownership if I have a contract that gives a pre-existing multisig permission to execute a recovery function? They'd burn the entire multisig and migrate the whole infrastructure to another multisig just for that?
1 reply
0 recast
0 reaction
