by oneshoe 1831 days ago
Quite honestly, that's quite scary. The ability to just change an oracle sounds like a backdoor (and not decentralized). I'm not exactly familiar with Poly - but, I thought that was the sell of Link, was the idea that you are dealing with Oracle pools rather than a specific, single, Oracle?
2 comments

There's a timelock where any such changes are delayed by 12 hours. So if they were to submit a transaction that people didn't like, they could exit - this significantly reduces the expected value of trying to steal funds since most of it will vanish. But it's useful to be able to tweak some parameters in case of bugs such as this.

12 hours is not a lot of time.

And what does it mean that they could exit, when the contract itself was completely broken in the meanwhile?

It's enough time for most people to exit during normal circumstances. Sometimes longer periods are used. Definitely better than nothing.

In this case people wouldn't have been able to exit due to the bug, correct.

> It's enough time for most people to exit during normal circumstances.

Most people don't monitor the finer details of their investments 24/7.

12 hours is better than nothing, but it's unrealistic to expect everyone to stay tapped into news feeds about their crypto at minimum twice a day.

Yeah, 12 hours means you can't even count on watching during business hours, you need to constantly be checking evenings and weekends too.

The main benefit is reducing the incentive for the developers to steal. If you know 90%+ of the funds will disappear before you can do anything then it's much less attractive (where the alternative is making money by fees over time if the protocol is successful).

The risk needs to be balanced with the risk of funds lost because of a smart contract bug that can't be fixed. Different projects make different choices here.

I think an unscrupulous developer would find 10% of $275mn to be a pretty big incentive. Sure it’s relatively less, but still a very large number.

People doing esoteric DeFi are tapped in much more often than that. I'd agree in a broad general use case it's not enough time, but for DeFi as it is today, it's plenty.

But we're not watching contract changes. We're relying on that from 2nd and 3rd hand sources that might not be available in a 12 hour window.

Most smart contracts on Ethereum or other blockchains are only immutable in their marketing material, but not in practice. Either they use an obvious PIMPL/Proxy contract (OpenZeppelin, a popular smart contract library suite, has a proxy contract that many others use: https://docs.openzeppelin.com/upgrades-plugins/1.x/proxies), or they have other subtler hooks that can be used to change what ABI/function calls to the smart contract do. These hooks are only usable by privileged actors (surprise surprise).

Smart contracts being immutable is a joke, almost. And more importantly, even if they were immutable, proving that formally for a Turing complete language is impossible.

Bitcoin smartly avoided this by making its smart contracts dumber.
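
The two mechanisms discussed in this thread, a privileged upgrade hook behind a fixed address and a 12-hour timelock in front of it, as an added example that is not part of any comment and is not any project's code. It is a simplified Python model rather than Solidity; all class, function and event names are hypothetical, and time is passed in as plain seconds.

```python
from dataclasses import dataclass, field

DELAY = 12 * 3600  # the 12-hour delay mentioned in the thread, in seconds


class TimelockError(Exception):
    """Raised when a change is attempted outside the timelock rules."""


@dataclass
class TimelockedProxy:
    """Toy model (hypothetical names): one fixed address, swappable logic."""
    admin: str
    implementation: object  # callable that calls are forwarded to
    delay: int = DELAY
    pending: dict = field(default_factory=dict)  # change_id -> (new_impl, eta)
    events: list = field(default_factory=list)   # public log a watcher can read

    def queue(self, caller, change_id, new_impl, now):
        """Announce a change; it cannot take effect before now + delay."""
        if caller != self.admin:
            raise TimelockError("only the admin can queue a change")
        eta = now + self.delay
        self.pending[change_id] = (new_impl, eta)
        self.events.append(("Queued", change_id, eta))
        return eta

    def execute(self, caller, change_id, now):
        """Swap the implementation, but only after the announced eta."""
        if caller != self.admin:
            raise TimelockError("only the admin can execute a change")
        if change_id not in self.pending:
            raise TimelockError("change was never queued")
        new_impl, eta = self.pending[change_id]
        if now < eta:
            raise TimelockError("timelock has not expired")
        del self.pending[change_id]
        self.implementation = new_impl
        self.events.append(("Executed", change_id, now))

    def call(self, *args):
        """Users keep calling the same address; the behaviour behind it can change."""
        return self.implementation(*args)


def seconds_left_to_exit(proxy, now):
    """Watcher view: time remaining before each pending change can execute."""
    return {cid: max(0, eta - now) for cid, (_, eta) in proxy.pending.items()}
```

The `events` list stands in for on-chain logs: a watcher that polls it for `Queued` entries learns the `eta` first-hand instead of waiting for second-hand reports.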