There are certain hyperparameters that cannot be secured against malicious subnet owner weaponization. As we’ve seen with sn104, there are skilled actors exploiting the system and thus the only way we see to prevent the subnet owner from getting total control over the network is for the governor to restrict what the subnet owner can and cannot do.
Some subnet owners cannot be trusted with setting some hyperparameters.
We took care to secure most hyperparameters, so this will be used sparingly, but for powerful tools there seems to be no other way.
I cannot say which hyperparameters need to be limited, because I’m afraid it’d immediately cause the owner of sn104 (and probably others) to exploit it.
normal mode - the owner can do whatever they want within reasonable limits, as today
restricted mode - the owner can still tune most hyperparameters within reasonable limits, except a few that will not be accessible to them, so triumvirate will be changing these for them if needed, just as they manage like a dozen subnet hyperparameters that are not writeable by the owner today
disabled mode - the owner cannot write any hyperparameters whatsoever and all changes to hyperparameters on that subnet will have to be managed by the triumvirate
In addition to that a new extrinsic should be added for the governor to reset all hyperparameters on a given subnet to their default values, so that if someone messes up the subnet configuration, they can sign a batch to disable hyperparameters and reset to default to mitigate it easily, rather than making a huge transaction with numerous changes to all misconfigured hyperparameters. For UX.