Relevant smart contracts:
The Sustainability Module provides funds to critical system components such as the Oracle Network Medianizer in order to function properly, even in the absence of governance power over the protocol.
StabilityFeeTreasury - this contract tries to keep an "optimum" amount of stability fees for itself in order to make sure it can provide funds to other contracts (or in some cases, people) that maintain the protocol's well-being. Anyone can periodically call a function to recalculate the optimum amount of funds to keep in the treasury. Any surplus above optimum values is transferred to the
A bug in the
StabilityFeeTreasury would potentially block other contracts from pulling funds or would incorrectly calculate the optimum amount of funds to keep in the contract (
A bug could also prevent the treasury from sending extra unused resources to another address using
Governance might set an incorrect address as the
AccountingEngine or could maliciously withdraw the permission of core contracts to pull funds. Governance could also allow malicious contracts to drain the treasury.
Governance can withdraw their power over this module if two conditions are satisfied:
All treasury dependent contracts were set up correctly (can withdraw enough funds to function properly).
All external actors (if any) have the necessary permissions to pull funds from the treasury.
StabilityFeeTreasury is part of the Level 2 Gov Minimization. That being said, governance should maintain control only over setting
total allowances to their initial values for every address that's currently authorized to
pullFunds from the treasury.