Make the kappa hyperparameter root-only

[ppolewicz]

Management of the kappa hyperparameter should be removed from the subnet owner, so that it can only be changed by the governor (currently triumvirate).

The reason behind is that an exploit has been identified where a malicious subnet owner can use it to do bad things that I don't want to write here about, but they were discussed by

• the security council
• with Const
• with the triumvirate

Everybody regrets that the triumvirate will have an extra duty of sometimes needing to review a request for adjustment of kappa.

This parameter is usually at 0.5 and there were only a handful of situations where it should have been changed. Changes to it should be rare enough to not be a burden. There are numerous hyperparameters that are root-only (max_uids, for example) and I believe that if the exploit was known during implementation of dtao, the hyperparameter would become root-only with dtao release (the exploit that I identified wasn't a thing before dtao).

[ppolewicz]

An alternative design was proposed and initially agreed on by the community to introduce a separate parameter which prevents the subnet owner from setting parameters such as kappa which can be used to exploit.