YIP: Multisig Guardian

Multisig Guardian

Basic Summary

The Guardian role in the Compound governance module allows for the veto-ing of proposals. This is a helpful mechanism to provide an additional layer of security for the protocol to prevent governance takeovers. While this threat was greatest in the early days of the protocol when delegation was low and a vote AGAINST a malicious proposal might not have been feasible, it is still a valuable security measure to have.

As such, I propose to transition the Guardian role to a 3/5 Multisig.

Motivation

Currently the Guardian is set to the YAM Deployer address, controlled by Brock. He has never had to use the Guardian, and in many ways its very existence acts as a deterrent, but it is an unnecessary single point of failure for the protocol and adds unnecessary risk to his person and the protocol.

Specifications

Create a multisig with the following signers, create new Governor with multisig as governor, update admin of Timelock to new Governor:

• Feddas (Full-time Ops)

• Nate (Full-time Smart Contract)

• Brock (Full-time Technical Lead)

• 0xE (Full-time Full Stack Dev)

• Ronin (Chinese/English Translator + Moderator)

Poll to Measure Sentiment

hey, great governance call. thanks for posting: Yam Finance Governance Call - 12/30/2020 - YouTube

There was discussion of swapping out one of the US based signers for someone else. This is probably a good idea but I doubt we need to worry significantly about it at the moment. The guardian should be rarely (hopefully never) needed and the likelihood of some massive event stopping all 3 US based signers seems very small. But something to keep an eye on moving forward as we gain more contributors from diverse locales.

I nominate @HodlDwon as a replacement non-USA based signer. I am happy to relinquish my position if that works.

Feddas

I’m good with that. Or anyone else in the U.S. that doesn’t want the exposure.