|Author||Justin J Moses|
Add a new
SystemStatus contract to allow both synth pausing and system upgrades, as well as other security measures.
SystemStatus contract can hold various types of state for system events. These include: system upgrades, issuance and exchange controls, and synths disabled due to security concerns, or in the short term, suspended during out-of-trading hours for the underlying asset.
There are a number of conditions where the Synthetix system needs to be able to pause. These are as follows:
- During upgrades: Currently we have a workaround to disable the entire protocol by setting
1. This is fairly rudimentary and needs improvement. Moreover a better reject reason will go a ways towards helping users address concerns during these windows.
- Security meaures: There have been occasions where synths have needed to be disabled immediately, such as during the attack on sMKR and iMKR (see SIP-34). This gives the team and community time to investigate the situation and determine the next steps with minimal impact to the rest of the system. Moreover, we’re continuing to build live monitoring software that can detect and disable synths whenever an attack is launched.
The following areas can be suspended:
- System: All synth and SNX transfers disabled. All exchange, issue, burn, claim, loan and mint functionality disabled. This is both for system upgrades and under possible emergency situations.
- Issuance: All sUSD issuance, burning and claiming disabled, along with any loan actions.
- Exchange: All synth exchanges and settlement.
- Synth: For the synth in question, all transfers of, settlement of, and exchanges into or out of disabled.
Access to the above controls will be restricted to an
accessControlList, a whitelist of addresses that for each section above, can
resume. This whitelist will be managed by the
Furthermore, each suspension must include a
uint reason. Apart from the single reason
SYSTEM_UPGRADE, these reasons are purely for dApps and scripts to indicate to users why certain parts of the system are unavailable.
Note: Exchange suspension will remove
Exchange.exchangeEnabledfunctionality and this SIP will remove it.
The Access Control allows the
owner to configure the right kind of emergency system pause access to a range of manual and automated protection mechanism if anomalies or exploits are detected.
Copyright and related rights waived via CC0.