[Update] - Smart Treasury - Proposal & Code Review

Good job Asaf!

In relation to the 2-of-2 multisig, I’d like to increase the level of resiliency & security and I suggest adding a third key, changing the wallet to a 2-of-3.
I think that a trusted, high-profile and committed name could be @Fernando, Founder at Balancer Labs. Idle protocol would be honored to have him as external signer, in case of need.

In this reply @William already talked about risks and concerns related to possible issues during the deployment of the contracts.

I’d like to clarify the pros and cons of the options we have, in order to help the community decide which one can be a good fit for this implementation. As suggested by @William, a further Snapshot poll might clarify whether to go for a security review or a full audit.

Professional full audit:

  • estimated cost: $15-20k
  • estimated time: about 1-2 weeks to book a slot with an auditing firm and approximately 1 week for code review
  • security: high

Code review by auditing firm:

  • estimated cost: $3-5k
  • estimated time: about 1 week to book a slot with an auditing firm and a couple of days for code review
  • security: medium

Peer review:

  • estimated cost: $0-1.5k. The upcoming Committee might reward those volunteers with bounties (e.g. expecting 5 reviewers, $300/each)
  • estimated time: about 3-4 days to get in touch with trusted and skilled developers and 2-3 days to let them complete the job
  • security: medium

Happy voting!
