# JBP-231 - Set ` allowSetController` flag  to  true , and give multisig discretionary permission to execute a controller migration.
 
```plain text
Author: Jango
Date: (2022-07-15)
```

## Thesis

JuiceboxDAO should be prepared to migrate to updated `JBController`s as needed for security purposes. Its project ownership structure around a 9 of 14 multisig is sufficient to prevent unwarranted changes from taking effect without consent from protocol contributors especially concerned with risk and security.

This should be assumed until a proposal is approved to explicitly turn the `allowsSetController` flag to false.

## Motivation

JuiceboxDAO recently sponsored a Code4rena contest to find issues with the protocol’s codebase. The response was overwhelmingly positive with no existential changes needed, however there are a handful of security adjustments the DAO will be better off making soon, all of which re-enforce that the protocol will work as documented. These may involve migrating controllers.

## Specification

- Configure funding cycle #6 to `allowSetController` in the funding cycle’s metadata.

- Allow the multisig to submit a transaction to migrate controllers.

- Allow the multisig to submit a transaction to migrate ETH payment terminals.

## Rationale

It is important for the multisig to have discretionary powers over protocol contract migrations so it can act quickly if security vulnerabilities are discovered. This can be relaxed once the protocol stabilizes after further security reviews and audits, so as to restore full control to direct votes by JBX members.

## Risks

There is smart contract risks any time we introduce new code to depend on, however this already the case with the current code we depend on. The purpose of this proposal is to mitigate risks disproportionately to introducing new risks. 

## Timeline

This discretionary power should last until a future proposal is approved to flip the metadata flag back to `false`.