Contract upgrades, admin keys, hacks & exploits
- TaaE tokens have fixed scope and duration.
- Every phase change, from bootstrap, distribution and redemption is one-way with predictable timing.
- The final state of the system is that hodlers receive rewards and slowly drop out to the underlying asset as a one-way move, or hold a frozen asset indefinitely if they choose to.
- Every new token event requires a new Trust with its own lifecycle.
- If a vulnerability is found in a version of the Trust the theoretical maximum damage of an exploit is capped at the current locked reserve across the pool and token across vulnerableTrust contracts.
- By versioning and newly deploying Trust contracts, any fix to a discovered exploit will be available for all new Trust contracts after that point. There are no admin keys as the Trust performs all administrative tasks on the child contracts.