✅ All code is open source
✅ Never critically hacked or exploited
❌ Voting occurs off-chain
❌ Critical logic can only be modified by a multisig
Synthetix's protocolDAO is extremely powerful and has the ability to modify core logic or attack user funds. Any such action would be held by a 48-hour timelock, giving the community that time to take action. Whether or not the community would be able to form a reasonable response in that amount of time is unknown. Only the protocolDAO members can begin an Emergency Shutdown, so that would not be an option for tokenholders.
The Synthetix community recently switched its voting system from a simple vote in the chat app Discord over to the off-chain signalling mechanism, Snapshot. Another change is planned shortly to move to a proxy voting system labeled “Spartan Council” which will require users to vote for 7 representatives who will have sole voting power. The most important takeaway here is that Synthetix voting does not happen on-chain.
Once a proposal is approved through voting, users must trust Synthetix’s protocolDAO to make the modification to the protocol. protocolDAO is a fancy way of describing a 4-of-8 multisig admin key (48 hour timelock). However, action by the protocolDAO is in no way technically connected to the off-chain voting that occurs. Therefore, users must trust the protocolDAO to act responsibly and skillfully.
In addition, any one member of the protocolDAO has the ability to pause the entire Synthetix system in the case of an emergency. No vote is required, and no other members of the DAO have to be involved for one member to do this.
As stated in this Synthetix blog post, the protocolDAO members could indefinitely stop Synthetix from operating by continually shutting it down over and over. Users must trust the 8 DAO members to act with integrity.
While Synthetix does have a powerful admin key and significant trust requirements, its voting mechanism and strong community place it above other admin key protocols.