As far as I understand, protocol upgrades will be proposed on Snapshot, requiring a 51% approval. However, Optimism Foundation still maintains a backdoor with emergency upgrades possible. In this post, Iāll cover some ideas for how we can decentralize this as well.
- The bridge has circuit breakers - i.e. if thereās anomalous activity it pauses and notifies watchers.
1.5) Certain components can be immutable or require regular protocol upgrades, if possible. E.g. bridge funds cannot be touched via emergency upgrades. - Optimism Foundation retain emergency pause rights (i.e. they can pause the network outright), but cannot push an emergency upgrade through.
- Thereās an emergency council consisting of top N delegates + M representatives from Optimism Foundation, where M < 1/3(N+M). 2/3(N+M) can approve emergency upgrades with no timelocks. (Can be a more gradual transition as OP is distributed.)
- The emergency council can veto emergency pauses by the Optimism Foundation.
- Over time, Optimism Foundationās emergency pause rights and voting rights on the emergency council are deprecated.
- Further over time, emergency upgrades have timelocks added, depending on approval. E.g. if 100% of top N delegates vote, no timelocks; however if only 51% vote then X days.
- As the protocol matures, the emergency council is dissolved, and all protocol upgrades go through the regular process.