Hey @zachobront, thanks for sharing your perspective on this proposal. We appreciate it, especially given your position.
Many, if not all, of the risks you described are very valid points.
As far as I know, the proposal follows the previously published audit framework, falling into the safety and reputational category. A bug does not immediately compromise the system since it implements various defensive mechanisms, including the Guardian setup itself. Therefore, some bugs are expected, and the security setup needs to be prepared for them.
Right now, I would appreciate having a complete understanding of your perspective. If this upgrade does not move forward, what would be viable actions to resubmit it? Should we wait for the audit contest to be completed or pay for a new audit?
I am happy to see a careful evaluation here, reconciling the security efforts made by core developers with what is believed to be concretely left to do. It is impossible to determine when code is completely bug-free, even with several audits completed. However, we should ensure that our reputation is not easily put at risk (e.g., if several bugs are found shortly after implementation).
For us, if there is a clear risk that we can feasibly avoid, we should make every effort to mitigate it.
I love seeing these conversations happen and am happy that other delegates share their perspectives based on what is described above. CC: L2Beat team @kaereste and @GFXlabs, as well others.