stader-labs/lunax

SSL-08 - Implement recommendations

Closed this issue · 7 comments

Please implement the recommendations from Zinstitute regarding issue SSL-08.
And implement a maximum possible fee of 10% (or lower).

There should never be a case where the fee for withdrawing the assets would need to exceed 10%.

Bring back some trust to the community. Thank you.

Our max fee cap is 10%. I don't see how this is an issue.

Please re-open this issue if you find any reasonable argument against this.

Well, reading the audit report, the conclusion read that you would be able to set the fees to whatever you want. And the report also read that you wouldn't change this behaviour.

Now, reading through the code it seems to have been (partially; see below) addressed in this commit: da4cfbf
I assumed what was written in the report to still be accurate. Apologies, I should have looked through the code again.

I am no smart-contract developer, so unfortunately I do not know how to verify these things that are still left to (possibly) be addressed from this point in the audit (SSL-08):

  • Has the updated contract (see commit) been pushed to the blockchain/is it live?
  • The ownership has probably not been renounced (yet), but at some point will it be?
    • Once Governance has been developed? Is there a timeline for this?
    • Because as it stands now you would (I believe) easily be able to push out another update to the contract where these restrictions aren't in place anymore.

It would be very good to be clear and upfront about this.
Thank you.

Hi @GH-SSO,

  1. LunaX has been deployed at commit 40cc0c5, so we are live with the max fee cap of 10% of the rewards.
  2. Governance is in the works. You can read more about our tokenomics here: https://blog.staderlabs.com/stadernomics-non-stop-rewards-for-sd-hodlers-9f4611fe3640 I can't commit to a deadline in public, but we are definitely working on it.
  3. Our admin key, which is authorized to update our contract, is a multisig with 8 addresses, including folks from the TFL, known VC funds, key community Terra validators and members: https://finder.terra.money/mainnet/address/terra130g36z2jen9plggsu72l2p5uarkpkfrxkfltnp Changing our code requires 5 out of 8 parties to auth the multisig.

Hope this answers your questions, @GH-SSO. We appreciate your questioning.

Hi @bharath-123,

Thank you very much for clarifying this. Very much appreciated!
Good to see the openness about these important things.

Looking forward to the launch of Governance.
Sorry to bother you some more, but it is unfortunate to see the launch of this not mentioned in the Phases on the blog you linked. Nor mentioned in the Litepaper.
I understand you not being able to mention a deadline, but could you tell me if this is still part of v2 (Litepaper)? Or would this be considered v3? (And/) Or in regards to the blog post, would this be part of Phase 2 or 3? Or is this considered to be Phase 4?

It would be good to have an idea of where in the Roadmap the Governance feature is planned. To get a sense of the priority given to this (at this point in time).

Thank you kindly. And apologies for being such a nuisance ;-)

Hi @GH-SSO, I apologise for the late reply, as you clearly know how things have been for us on Terra. I feel a better place to raise these questions would be in our Discord/Telegram channel, as you can be visible to people who are responsible for Stader's strategy.

I hope I have answered your tech questions. We would like to reserve our GitHub for pure technical discussions.

Closing this issue, @GH-SSO. Please raise it if you see any more issues.