There’s a perfectly good reason why the original Compound code didn’t have pauseGuardian activated, in the name of protocol safety - in the original formulation, a compromised pauseGuardian just inconveniences new users; the new proposed comptroller will allow a compromised pauseGuardian to grief ALL users.
If you look at the comments for the Pause Guardian, this is the original and correct intent.
* @notice The Pause Guardian can pause certain actions as a safety mechanism.
* Actions which allow users to remove their own assets cannot be paused.
* Liquidation / seizing / transfer can only be paused globally, not by market.
I recommend removing the onlyProtocolAllowed in all places where its added, where previously in Compound wasn’t.
As I understand, the pauseGuardian is already set to an EOA, and also acts as a deployer for Strike, so a compromise - either by regulatory / legal compulsion or a hack - may have serious ramifications.
Would also propose performing more external audits before deploying - so that such issues will be flagged out. The Strike team has been adding significant amount of new code to the Compound V2 base, and there may be unexpected interactions in the new code.
Yea I understand the purpose of borrow and supply cap, and the purpose of the pauseGuardian. I’m saying the changes to the pause guardian potentially affects users funds, in new ways due to the code change.
Please help to escalate the issue to the dev teams thanks!