by 676234e117 1416 days ago
It is important that users come to better understand the different risk profiles between:

1. Owning ETH with a non-custodial wallet.

2. Owning ETH on a CEX.

3. Depositing ETH into a smart contract to receive a wrapped asset. This includes rollups and L2s.

The majority of major crypto hacks[1] are in the 3rd group, and almost all of these hacks are related to protocol updates and governance. Either the developers update their code and accidentally push a bug, or one address or a group of addresses is allow-listed for some privileged actions in the contract, and that can become a weak point.

Proxying and governance aren't the only way to design contracts. Two examples counter to this that are more robust are WETH ($6B) [2] and ETH2 Deposit ($20B) [3], which cannot be attacked in this way. If users wanted a new feature from the WETH contract, they would have to manually migrate over to the new address. Eventually we might see this kind of design be applied to bridges and rollups.

[1] https://rekt.news/leaderboard/

[2] https://etherscan.io/address/0xc02aaa39b223fe8d0a0e5c4f27ead...

[3] https://etherscan.io/address/0x00000000219ab540356cbb839cbe0...
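
An added example, not part of the comment above and not code from any project it names: one way to check whether a contract you are about to deposit into exposes the upgrade path the comment describes, by reading the standard EIP-1967 proxy storage slots. The `get_storage_at` callable, the sample addresses and the in-memory state are assumptions constructed for illustration; in real use the callable would wrap an `eth_getStorageAt` RPC call.

```python
# EIP-1967 standard proxy storage slots (keccak256 of the slot label, minus 1).
EIP1967_SLOTS = {
    "implementation": 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc,
    "admin": 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103,
    "beacon": 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50,
}

def word_to_address(word: bytes):
    """Decode a 32-byte storage word into an address; None if empty or not address-shaped."""
    if len(word) != 32:
        raise ValueError("storage word must be 32 bytes")
    if word[:12] != bytes(12) or word[12:] == bytes(20):
        return None
    return "0x" + word[12:].hex()

def upgrade_surface(get_storage_at, contract: str) -> dict:
    """Return the populated EIP-1967 slots of `contract` as {slot_name: address}.
    get_storage_at(contract, slot) -> 32 bytes is a hypothetical interface."""
    found = {}
    for name, slot in EIP1967_SLOTS.items():
        addr = word_to_address(get_storage_at(contract, slot))
        if addr:
            found[name] = addr
    return found

def classify(get_storage_at, contract: str):
    """Label a contract by whether its logic can be swapped via an EIP-1967 proxy."""
    surface = upgrade_surface(get_storage_at, contract)
    if "implementation" in surface or "beacon" in surface:
        return "upgradeable-proxy", surface
    # Not proof of immutability: custom proxies and owner roles need source review.
    return "no-eip1967-proxy", surface

# Constructed sample state: placeholder addresses, not real contracts.
PROXY = "0x" + "aa" * 20
PLAIN = "0x" + "bb" * 20
FAKE_STATE = {
    (PROXY, EIP1967_SLOTS["implementation"]): bytes(12) + bytes.fromhex("11" * 20),
    (PROXY, EIP1967_SLOTS["admin"]): bytes(12) + bytes.fromhex("22" * 20),
}

def fake_get_storage_at(contract, slot):
    return FAKE_STATE.get((contract, slot), bytes(32))

if __name__ == "__main__":
    print(classify(fake_get_storage_at, PROXY))
    print(classify(fake_get_storage_at, PLAIN))
```

A populated `admin` slot identifies the address that can replace the logic behind the proxy, which is the key whose custody matters for the third risk profile in the list.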