[Proposal] Balancer V2: Authorize Balancer Labs to emergency pause

The Balancer V2 core smart contracts were deployed to mainnet earlier this week, and the full UI launch is right around the corner. In the final days leading up to the launch, the core dev team at Balancer Labs intends for the Balancer Governance Multisig to execute additional authorizations on chain. But Balancer Labs has no decision-making power over the Multisig, which is strictly governed by BAL holders.

The authorizations to be ratified by this proposal would enable a Balancer Labs EOA to control the system’s emergency pause mechanism during its first 3 months.

Motivation

The Vault and WeightedPool smart contracts have an emergency pause period which is hardcoded at 3 months from deployment time. During the pause period, the Balancer Governance Multisig has the power to gracefully pause the system in case vulnerabilities or issues arise. Funds can always be withdrawn by users, even during an emergency pause, and the pause is only to be invoked in situations where user funds may be at risk.

Since gathering 6/11 multisig signers during an emergency may not be feasible or expedient, we propose also authorizing a single EOA (0x170027069fd114BFF2f57B0FC796df93290C02a6) to pause the system. The EOA will be controlled by a handful of stakeholders at Balancer Labs across different time zones to ensure short response time. Note that after the 3-month pause period ends, neither the Multisig nor the EOA will have any pause power; Balancer V2 becomes unstoppable.

Specification

The Balancer Governance Multisig would submit 2 transactions as follows. Here, “Multisig” refers to the Gnosis Safe at 0x10A19e7eE7d7F8a52822f6817de8ea18204F2e4f and “Authorizer” is the smart contract deployed this week at 0xA331D84eC860Bf466b4CdCcFb4aC09a1B43F3aE6.

  1. Grant Balancer Labs EOA ability to pause Vault
    Multisig → Authorizer → grantRole(0xb5593fe09464f360ecf835d5b9319ce69900ae1b29d13844b73c250b1f5f92fb, 0x170027069fd114BFF2f57B0FC796df93290C02a6)

  2. Grant Balancer Labs EOA ability to pause WeightedPools
    Multisig → Authorizer → grantRole(0x3c7de1d8a207c7901ec612f9f0f50957da016911a50d5c22bbe5c9f4f3392d95, 0x170027069fd114BFF2f57B0FC796df93290C02a6)

For transparency’s sake, a developer could reproduce the bytes specifying the roles above using this pseudo-code:

vault.getActionId(vault.interface.getSighash('setPaused')); // 0xb5593fe09464f360ecf835d5b9319ce69900ae1b29d13844b73c250b1f5f92fb
pool.getActionId(pool.interface.getSighash('setPaused')); // 0x3c7de1d8a207c7901ec612f9f0f50957da016911a50d5c22bbe5c9f4f3392d95
2 Likes