There’s a perfectly good reason why the original Compound code didn’t have pauseGuardian activated, in the name of protocol safety - in the original formulation, a compromised pauseGuardian just inconveniences new users; the new proposed comptroller will allow a compromised pauseGuardian to grief ALL users.
If you look at the comments for the Pause Guardian, this is the original and correct intent.
```
/**
 * @notice The Pause Guardian can pause certain actions as a safety mechanism.
 *  Actions which allow users to remove their own assets cannot be paused.
 *  Liquidation / seizing / transfer can only be paused globally, not by market.
 */
```
I recommend removing the onlyProtocolAllowed in all places where it's added, where previously in Compound it wasn't.
As I understand, the pauseGuardian is already set to an EOA, and also acts as a deployer for Strike, so a compromise - either by regulatory / legal compulsion or a hack - may have serious ramifications.
Would also propose performing more external audits before deploying - so that such issues will be flagged. The Strike team has been adding a significant amount of new code to the Compound V2 base, and there may be unexpected interactions in the new code.
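An added illustration of the recommendation in the post above (not code from the thread or from Strike): a small Python check that flags exit-path Comptroller hooks whose function header carries `onlyProtocolAllowed`. The hook list (`redeemAllowed` and `repayBorrowAllowed`, the Compound V2 hook names) and the sample contract are assumptions constructed for the example.

```python
import re

# Assumption: hooks treated as the user exit path (withdraw collateral, repay debt).
# Per the NatSpec comment quoted above, these must not be pausable.
EXIT_HOOKS = {"redeemAllowed", "repayBorrowAllowed"}
PAUSE_MODIFIER = "onlyProtocolAllowed"

# Captures: function name, argument list, and the header tail (visibility,
# modifiers, returns clause) up to the opening brace or terminating semicolon.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")


def strip_comments(src):
    """Remove /* */ and // comments so a commented-out modifier is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def pausable_exit_hooks(source):
    """Return sorted names of exit-path hooks gated by the pause modifier."""
    flagged = set()
    for name, _args, tail in FUNC_RE.findall(strip_comments(source)):
        if name in EXIT_HOOKS and re.search(rf"\b{PAUSE_MODIFIER}\b", tail):
            flagged.add(name)
    return sorted(flagged)


# Constructed sample, not Strike's actual source.
SAMPLE = """
contract Comptroller {
    function mintAllowed(address sToken, address minter, uint amt)
        external onlyProtocolAllowed returns (uint) { return 0; }
    function redeemAllowed(address sToken, address redeemer, uint tokens)
        external onlyProtocolAllowed returns (uint) { return 0; }
    function repayBorrowAllowed(address sToken, address payer, address borrower, uint amt)
        external returns (uint) { return 0; }
}
"""

if __name__ == "__main__":
    for hook in pausable_exit_hooks(SAMPLE):
        print(f"exit-path hook gated by {PAUSE_MODIFIER}: {hook}")
```

Run against the real Comptroller source in CI, a non-empty result means the pause guardian can block a user exit path and the change needs review.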
This pause guardian is responsible for protecting the entire market when emergency issues happen, and does not affect users' funds.
And the entire pauseGuardian is enough rather than a guardian per feature, and the supply & borrow cap guardian is more important than the others for protecting the markets from big whales' manipulation of certain markets.
Yea, I understand the purpose of the borrow and supply caps, and the purpose of the pauseGuardian. I'm saying the changes to the pause guardian potentially affect users' funds in new ways, due to the code change.
Please help to escalate the issue to the dev teams, thanks!
The community tech team already knows this, and they want to optimize the comptroller by removing unnecessary modules. It looks like the current comptroller is oversized with the supply and borrow caps engagement.