Should pause actions on a smart contract only require a single signature?
Please share reasons, experiences, and intuitions.
One of my teammates proposed that the pause emergency action of a contract should be controlled by a multisig with a threshold of 1 of N. Meaning a single person can pause the protocol, which goes in line with the quick response that an emergency situation requires.
This is risky because pausing the protocol is not a harmless action. At the very least it could cause annoying denials of service. For smarter adversaries it could be precisely timed to severely harm a specific party.
My intuition goes against this. I think the pause action should be controlled by a 2 of N multisig, with two of the signers always on call to react quickly.
We asked the community and it was not what I expected. But I take it, this is a faster-paced ecosystem, and sometimes even a few extra seconds can be disastrous.
Still, I would like to hear more reasons, experiences, and intuitions. Further than a yes or no question, what do you folks think?
We are collecting this information as part of Defender Advisor, a knowledge database with curated information coming from us, our clients and the greater community, to help us build a safer, healthier, more peaceful and enjoyable crypto ecosystem. Sign up and take a look! Then lets make it grow together