Change deployer role to not be able to withdraw

Torque-Money / Dev-Environment

Smart contract dev environment.

GNU General Public License v3.0

1 stars 0 forks source link

Change deployer role to not be able to withdraw #8

Closed BenGOsborn closed 2 years ago

BenGOsborn commented 2 years ago

This is dangerous because it would allow the deployer to be able to "rug" the protocol, and its presence within the contract builds complete distrust. Find a way of preventing this possibility from happening.

To achieve this I could possibly set the pool in the constructor, and then just have the deployer be able to change the tax collector.

BenGOsborn commented 2 years ago

Fixed in ca1871fe0aba415c0bcc3b602892518f46869117 by making the margin be set once only by the original owner, and then the owner may only control the tax accounts and the approval of tokens.

BenGOsborn commented 2 years ago

However, this does not solve the problem of being able to reuse the pool if a new margin protocol is approved. But for this to be possible, it means that the owner could set the margin as themselves and withdraw at any point.

The safest option, for now, is to just redeploy a pool every time.