code-423n4 / 2021-08-gravitybridge-findings


The gravity.sol router should have pause/unpause functionality. #15

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

tensors

Vulnerability details

In case a hack is occurring or an exploit is discovered, the team (or validators in this case) should be able to pause functionality until the necessary changes are made to the system. Additionally, the gravity.sol contract should be managed by proxy so that upgrades can be made by the validators.

Because an attack would probably span a number of blocks, a method for pausing the contract would be able to interrupt any such attack if discovered.

To use a Thorchain example again, the team behind Thorchain noticed an attack was going to occur well before the system transferred funds to the hacker. However, they were not able to shut the system down fast enough. (According to the incident report here: https://github.com/HalbornSecurity/PublicReports/blob/master/Incident%20Reports/Thorchain_Incident_Analysis_July_23_2021.pdf)

Pause functionality on the contract would have helped secure the funds quickly.

jkilpatr commented 2 years ago

Generally agree that a governance function to pause withdrawals is a good idea. But this would be entirely on the Cosmos side; on the Solidity side, having more state for pause/unpause seems to act as a larger attack surface more than a help.

albertchon commented 2 years ago

I'd say this is a design decision and not a bug.

loudoguno commented 2 years ago

reopening as per judges assessment as "primary issue" on findings sheet