Dual Governance landscape: killswitch

Despite our efforts to ensure Lido's protocol stability, we must be prepared for rapid responses to critical threats or errors. The primary aim is to minimize potential losses and ensure robust protection of user assets.

Core Objectives of an Irreversible Shutdown Mechanism

As we consider introducing an irreversible kill switch mechanism for Lido, these are the core objectives we aim to achieve:

Establish a Definitive Endpoint: Ensure that, once activated, the protocol undergoes an absolute termination, eliminating any possibility of resumption or reactivation.
Guarantee Asset Safety: Prioritize user asset security by providing a structured pathway for users to seamlessly reclaim their Ethereum during the shutdown.
Act as a Strong Deterrent: Create an environment where the presence of such a conclusive shutdown signals to potential threats our unwavering commitment to safeguarding user interests and protocol integrity.

Through these objectives, we highlight our dedication to not only react to threats but to establish preemptive measures that underscore Lido's commitment to its user base and overall system resilience.

Proposed Voting Mechanisms

To enhance protocol security, it's essential to deliberate on the various mechanisms available for activating the kill switch:

Voting through the DAO:

Description: The DAO serves as the primary governance body of the protocol.
Advantages: Represents all key stakeholders.
Drawbacks: Voting may be time-consuming, which can be critical during emergencies.

Establishing a Separate Committee:

Description: A committee of experts and trusted community members.
Advantages: Enables rapid response, ensuring swift activation of the kill switch during emergencies.
Drawbacks: Possible risks of decision centralization.

Important Note: There's an inherent risk that one of the aforementioned parties could be attacked or compromised. This factor should be taken into consideration when choosing and configuring the kill switch activation mechanism, possibly employing a combined approach for enhanced security.

Risks and Considerations

The introduction of a kill switch, while beneficial in certain scenarios, comes with its own set of risks and concerns. Here are some key considerations:

Potential for Misuse: There's a genuine risk that malicious actors, competitors, or even those with short-term interests might exploit the kill switch, causing undue disruption or harm to the protocol and its stakeholders.
Economic Implications: Abruptly disabling a protocol can result in panic among its users, potentially affecting the market dynamics of the associated tokens and leading to financial instability for stakeholders.
Technical Complexities: Incorporating a kill switch introduces additional technical layers to the protocol. This complexity might inadvertently create vulnerabilities or cause unforeseen interactions with other elements of the protocol.
Recovery and Restart Concerns: If there's ever a need or decision to reactivate or rebuild parts of the protocol post-kill switch, the process could be challenging, complex, and time-consuming.
External Pressure and Coercion: There might be scenarios where external entities (e.g., regulatory bodies or hostile actors) exert pressure to activate the kill switch, potentially leading to premature or unwarranted shutdowns.

The decision to implement a kill switch should be taken with a thorough understanding of these risks, ensuring that protective measures and controls are in place to minimize potential adverse outcomes.

Comparative Analysis

MakerDAO is a notable example in the DeFi space, having implemented a dedicated Emergency Shutdown mechanism that aligns closely with the concept of a kill switch. Several other DeFi projects, including Yearn Finance, Compound, Aave, and Uniswap, have mechanisms that incorporate elements resembling a kill switch. However, it is crucial to understand that these are not fully fledged kill switches in either scope or functionality.
