Pausability
Closed this issue · 1 comments
We need to deliberately introduce whenPaused and whenNotPaused modifiers in the codebase and provide accompanying in-line comments and docs.
TL;DR: decide on upgradability before spec'ing pausability.
I think the first step here is deciding under what circumstances we will pause, and what the behaviour(s) should be when paused. Presumably we will (only) use it when there is some known or suspected issue with the contract (e.g. a bug that could be exploited, or unexpected lack of liquidity). As such I assume we will want to prevent new deposits and trades while paused.
But it is less obvious whether we should allow settlement (we want people to be able to get their money out; but there could also be an issue affecting settlement) or liquidation (liquidations reduce the risk of protocol undercollateralisation; but there could also be an issue affecting liquidation).
If we are making the contracts upgradable, then the simplest approach is to just pause all activity (including settlement and liquidation) while paused, and rely on a contract upgrade to make things like settlement and withdrawal available ASAP.
With non-upgradable contracts, the balance is trickier. In an ideal world we may like multiple pause modes, but if it is arguably too close to launch to introduce that now.