The addition of permissionless self burn and max supply are great but why is the addition of
burnFromnecessary?
Good question, as you mention, the existing burn function provides the same functionality as the new burnFrom function. We added the burnFrom function to give a clear name to the functionality provided and to disambiguate it from the new burn function. We kept the existing burn function for backwards compatibility and to reduce the surface area of changes within this upgrade.
The presence of this at all is actually rather disconcerting as it doesn’t have any approval checks, which means that any address with the burner role can burn tokens from any wallet at any time regardless of if they have approved the burn.
To be clear, when you mention “approval checks,” you are referring to the ability for an address to approve an allowance to another address to burn tokens, which can also be referred to as a burn allowance, correct? I ask because there are “approval checks” for assigning the BURNER_ROLE. Only the BURNER_ADMIN_ROLE can assign the BURNER_ROLE, and after this proposal, the Protocol Governor Timelock will be the sole possessor of the BURNER_ADMIN_ROLE. By having the Protocol Governor Timelock as the burner admin, we ensure any assignment of the BURNER_ROLE must go through governance without being vetoed by the Security Council, which creates a high bar for any assignment to take place. As you highlight, great care should be taken when deciding to assign this role and the use of the burnFrom function.
Also, it is worth highlighting that this functionality is not added in this upgrade; it already exists in the token contract.