This is an article about Pause control which uses the recent incident of Iron finance as an example. We do not have the resources to independently verify the facts about Iron finance mentioned below. We hope to, in the future. Still based on several articles I read this is what seems to have happened to iron finance. Corrections welcome.
1) The ROI on the TITAN token was amazingly high
2) Several whales decided to exit the token
3) This started rapid panic selling
4) Iron finance social media went mute as this happened
5) The price of the TITAN token dropped to effectively zero
6) The Devs of Iron finance had the software capability to pause trading of the token, make changes to some financial aspects (perhaps with inputs from the community). They did not use this capability.
Pause Control is the ability to pause operation of all or part of a protocol. It is quite common in DeFi protocol software. However, there is very low transparency on its operation with the protocols. DeFiSafety wants to improve transparency and for this reason we added a check on Pause control in our latest review process.
Iron Finance, as our review will show, didn’t say anything about their pause control capability on their website or documentation. This is pretty typical.
For transparency reasons we believe all protocols should explain their pause capability. They should describe capabilities (as in what aspects they can pause). They should explain the triggering capability (MultiSig requiring X of Y signatures). They should explain when they will use it (hack under way, panic selling and or other reasons). Finally, they should publicly test the protocol proving to themselves and the community that all of the signers have their keys and are able to use them quickly.
I don’t know why Iron finance did not pause their protocol as their token plummeted to zero. Perhaps they were frozen with indecision. If this was the case, then a public declaration of when they should use pause capability would have helped.
Nobody publicly tests their pause control yet. We believe that mature protocols should regularly (say once a quarter) test their pause control and publicly indicate the results of a test. What does this mean? It means a third-party (DeFiSafety perhaps) triggers a random fire drill of their pause control. The MultiSig signers then have to respond as quickly as possible in order to prove they can quickly pause the protocol, if need be. The duration that the alarm is “ringing” should be publicly indicated. This proves to the public that the protocol can respond quickly in an emergency and improves transparency and trust.
Nothing mentioned above is technically difficult or expensive to implement. It will help clarity for the space both internally and externally. So please, document your pause controls, test them and let the community know.