own before the new executive…le system, effectively shutting it down before the new executive contract can do anything untoward. This means that if a thief showed up and tried to vote in their own executive contract that is programmed to steal all of the collateral, even if they had more stake than the other executive contracts they would have to wait for that delay and hope no one triggered the defense mechanisms during that time.
That seems insufficient protections to be honest. Suppose MKR increases the governance Delay, that still means that an evil executive contract could still pull this off, as long as it it’s not obviously fraudulent. So if a group can convince others that they are a superior and more decentralized governance model, if they can sneak some functionality in that goes unnoticed, then they can get executive vote, then wait for the delay and then steal all the collateral. In fact, it makes the system more complex because it’s not only about auditing the Maker code, but also the code of any executive contract candidate.
Why does maker even allows the collateral to be moved to arbitrary addresses, instead of having a very strict rules of when and who can get the collateral?