banteg
commented
2 years ago the solution is simple, this functionality should be removed and veyfi should be made immutable and trustless as i've shown is possible in #160.
Closed storming0x closed 2 years ago
banteg
commented
2 years ago the solution is simple, this functionality should be removed and veyfi should be made immutable and trustless as i've shown is possible in #160.
storming0x
commented
2 years ago closed by #160
With method setVE https://github.com/yearn/veYFI/blob/a1eb7ab4a86df05c5451ea64667d123869800f75/contracts/Gauge.sol#L131
Owner can potentially set VeToken contract to a mock token before/during rewards and boost specific accounts or change supply and other methods from veYFI that affect reward calculations.
e.g: https://github.com/yearn/veYFI/blob/a1eb7ab4a86df05c5451ea64667d123869800f75/contracts/Gauge.sol#L433 https://github.com/yearn/veYFI/blob/a1eb7ab4a86df05c5451ea64667d123869800f75/contracts/Gauge.sol#L441
This is an important trust assumption, not sure what was the use case for the design around migrating veToken on specific gauges, if a migration even happens users may altogether withdraw from gauge vault shares and exit to new gauge.
I guess the option is to renounce ownership also losing sweep functionality, in any case that may be a good tradeoff