The current governance vote will execute a spell that uses
CHANGE_LOG contract to fetch the
vat address and all the
0xda0fab060e6cc7b1C0AA105d29Bd50D71f036711 is an EOA (and in particular is not controlled by the governance, it seems to be connected to
Maker Deployer 5, maybe it is the 6th Maker Deployer address?).
This address can set a malicious value to
MCD_VAT, and as a result either revert any attempt to the execution of the spell, or cause only part of the spell to get executed.
It does not seem a real damage could be done beside forcing only partial execution, but idk if e.g., raising YFI-A
line without raising
Line will have any side effects.
From my side, I have a smart contract (B.Protocol) who relies on CHAIN_LOG, and it would be nice if in the long term only the governance (
ds-pause) would control it.