Replies: 2 comments
-
|
I can't agree with this solution since it depends on how the code is written. We can create hundreds of accounts and not be able to solve the issue (which doesn't even exist yet). Or, instead, we can focus on security while writing a code, ask for a security audit, and run a bug-bounty program. |
Beta Was this translation helpful? Give feedback.
-
|
currently the treasury is something like a multisig, so nothing bad about it. but: possibly we should either be able to add custom addresses to the treasury, e.g. if a dao wants to use custody services, these usually feature multiparty computation. something for a feature on the roadmap for treasury V2, i'd say. I also agree with vova, the code which is used in prod should be robust enough after an audit. |
Beta Was this translation helpful? Give feedback.
-
General
At the moment every organisation have one treasury account, associated with it.
This account is used to store all the tokens organisation owns.
Problem
In case any treasury will have significant amount of funds stored in it's treasury we would like to diversify it from risks, associated with stealing all the funds from the treasury.
Solution
One way to do such is to create pool of accounts to use for treasury, every account holding not more then certain amount of tokens.
So in case any malicious user for any reason will gain access to any of those accounts, he would not be able to control all the funds but only some part of it, isolated in single account he got access to.
@2075 feel free to add any more information in case I am missing something or correct me if I am wrong.
@vovacha @5-mark would like to hear your thoughts on this as well.
Beta Was this translation helpful? Give feedback.
All reactions