han-so1omon
commented
8 months ago For clarity, here is the full scenario:
Summary
A contributor (project team) has an active project in the CPS. They establish the wallet that the funds will disburse to when valid payment conditions are met.
Problem
The problem arises when there is an issue with this wallet. In this case, if the wallet is compromised, the funds will continue to disburse to the compromised wallet, thus making it impossible for the project team to receive payment
Solution
What should happen is that the CPS admins (or review committee in the future) should be able to change the fund disbursal wallet if the current wallet has been blacklisted
This requires the project team to have their current wallet blacklisted
What needs to be done
This issue has been raised due to our scenario of the contributor wallet getting compromised. Therefore, we urge the CPS team to update from the smart contract side to direct the contributor wallet of our proposal to another one.