Reviewed with Community Board Members
Foreword: the idea / concept of the Guardians and its implementation must be credited to Illia Polosukhin
1. Problem
At the contract level, when something is going poorly (performance issue, critical bug, malicious attempts, etc.), it is important that Ref Finance has a plan to mitigate (i) the risks of contagion and (ii) the impact of that event (including loss of funds).
Often, turning off the frontend is not good enough because this action does not prevent bots to operate, for example.
2. Solution
Guardians can be described as the key components of a Fail Safe Procedure. Guardians will have the ability to pause the contract, allowing the team to investigate and respond to a specific event while mitigating the impact of that event.
3. Roles and responsabilities
Guardians have a specific privilege allowing them to pause the contract. Comes with this privilege the responsability to identify any situations that can trigger the action to pause the contract.
Situations that can be defined as, but not limited to:
- Ongoing attack and / or exploit
- Critical bug identified in production (not yet exploited)
- Release / Deployment causing a potential security vulnerability
- Etc.
4. Pause Contract Procedure
Creation date: 22/09/2021
Pre requirement: Guardians must know how to handle NEAR CLI and make contract calls
Procedure
- Identify a situation that qualifies / justifies to pause the contract
- Double check the facts that qualify the situation as eligible
- Pause the contract
- Inform the Core Team
- Inform the Community
5. Features
- Guardians are managed by the Owner of the contract
- Only Guardians and Owner can switch the contract state to ‘Paused’
- Only Owner can resume the contract
More info: Feature guardians by marco-sundsk · Pull Request #50 · ref-finance/ref-contracts · GitHub
6. Guardians
The first batch of Guardians will be selected at the discretion of the Dev Team and will be limited to a small number (<5).