Building software for a decentralized world requires a balance of two, often conflicting, ingredients:
If a smart contract is immutable, then bugs cannot be corrected. Conversely, if a smart contract’s code can be corrected, then it isn’t immutable.
Our governance plan seeks to strike a balance between these two goals: the contract will initially be mutable so that any bugs can be fixed, but will later be rendered immutable once we’ve hit benchmarks that make us sufficiently confident the smart contract is correct.
As an aside, it’s sometimes argued that all contracts should be immutable, and that when a bug is found, the correct answer is to create a new contract and either migrate their data over or have the users migrate it. This is often impractical, especially in a case like this: if the contract proves useful, there will be a significant amount of data that cannot be easily migrated, and it would also be difficult, if not impossible, for downstream contracts that use this one to update to the new contract (e.g. if they themselves are immutable contracts).
The Warm Wallet smart contract will initially be released as an upgradeable smart contract, controlled by a multisig wallet whose signers are members of Wenew Labs staff. The goal at this point is to enable the company to iterate on any immediate bugs that may be found, while not letting any one rogue agent change the contract.
Once the following two criteria are met, the multisig signers will be changed so that Wenew Labs staff alone will be unable to change the smart contract, and at least one outside signer will have to agree before an update to the contract can be deployed: