The multisig UI/UX is a real and long term difficulty for any governance council. "Please sign this opaque transaction with binary data, it represents our agreement. I promise." For a while maybe ten years ago I worked with MakerDAO on this problem - at the time the idea was a separate auditor for proposed transactions.

This general attack pattern is: get a lender with good collateral to call your bad collateral good, then swap collaterals, and it's a known and bad attack vector; the ongoing tension between innovation / speed and caution continues.

There's probably a flash-loan multiplier angle here for an even worse attack; I'm imagining chaining a liquidity change in the trusted price oracle for the CVT token in the middle of the swapping. Anyway, upshot - don't loan against North Korean attack tokens. Put it on the list.

[dead]