The Maker protocol has grown significantly and is securing more assets than ever, and it is more battle-tested than ever. The emergency shutdown feature has always been a critical part of the design of Maker, as it makes it possible to reduce the severity of many types of critical issues (such as governance attacks) to simply the shutdown of the protocol, rather than e.g. stealing all the collateral.
However, we are reaching a point where the core Maker security is so battle-tested that the emergency shutdown feature is beginning to become a risk rather than a solution, as it increasingly looks like the most likely place for someone to try to damage the system, with only 75000 MKR currently needed to trigger ES. This is honestly making me quite nervous at this stage, and I don't think we should wait with fixing the vulnerability.
I propose we double this to 150000 MKR to make the risk of a sudden ES significantly lower and the system as a whole safer and more reliable.
To balance this change and mitigate the possibility that it might make a governance attack more attractive, I propose we also double the Governance Delay from the current 48 hours, to 96 hours (4 days). This way it will provide enough time to gather together enough MKR to react to a governance attack - obviously it's not really possible to quantify this, but I think doubling both parameters is the simplest option that feels right.
- Yes, increase the ESM threshold to 150000 MKR and the GSM delay to 96 hours
- No, keep it as it is
Next Steps (added by LFW)
This poll will end on Thursday 21st October, and will proceed to an on-chain poll the following Monday if it ends successfully.