What are Polymath's plans for Sudo and Bridge Admins?
Answered
The Sudo pallet gives the sudo key holder unrestricted ability to call permissioned onchain functions. This user can bypass governance and, if the key is compromised or the holder acts maliciously, has the potential to do a lot of damage. Sudo is a centralized vulnerability for the blockchain. I can appreciate why this pallet may be required when launching, to avoid Governance for initial tweaks that may be needed, but is there a plan by Polymath to relinquish control of the sudo account or remove the Sudo pallet through a runtime upgrade through the governance process (as was done on Polkadot) once the Governance council and committees are established?

Similarly, the Bridge admin (same key as Sudo on ITN) has unrestricted ability to mint POLYX. He can bypass the bridge multisig and even take control of the multisig (he doesn't need to, as he already has privileges that allow him to propose bridge transactions). The bridge is planned to be open for "at least 1 year" post mainnet launch. What steps are being taken to limit this single point vulnerability during this period? Post the 1+ year period, is it planned to remove the bridge pallet through a runtime upgrade to eliminate the ability for new POLYX to be minted?

Clarity about these points as we approach mainnet launch would be greatly appreciated.