So... I'm setting up some governance examples and I think it's important to show how to do it with a TimelockController. It seems clear to me that I need to deploy a timelockcontroller contract first, since one of the constructor parameters for a governance contract is the GovernorTimelockControl, which needs a timelock.
However... For deploying a timelock contract I need an array of proposers. This is where the issue comes in:
The proposers are in charge of scheduling (and cancelling) operations. This is a critical role, that should be given to governing entities. This could be an EOA, a multisig, or a DAO.
How does it make sense that the proposer has to be the DAO? How can I deploy the timelock contract before I deploy the governor contract, if they depend on each other?
Should I just leave them as blanks and just add the governor contract to the list of proposers later?
TimelockController uses an AccessControl setup that we need to understand in order to set up roles. The Proposer role is in charge of queueing operations: this is the role the Governor instance should be granted, and it should likely be the only proposer in the system. The Executor role is in charge of executing already available operations: we can assign this role to the special zero address to allow anyone to execute (if operations can be particularly time sensitive, the Governor should be made Executor instead). Lastly, there is the Admin role, which can grant and revoke the two previous roles: this is a very sensitive role that will be granted automatically to both deployer and timelock itself, but should be renounced by the deployer after setup.
Just found this on another tutorial.
Was scratching my head for about an hour. Cool to see I was thinking about it right.
The documentation now changed from this is a very sensitive role that will be granted automatically to both deployer and timelock itself, but should be renounced by the deployer after setup
to this is a very sensitive role that will be granted automatically to the timelock itself, and optionally to a second account, which can be used for ease of setup but should promptly renounce the role
Both contracts depend on each other, the Governor requires the address of the Timelock contract and the Timelock needs to set the Governor as the proposer. Is there a way to deploy the governance contracts without granting the admin role to myself and then revoking it? Because either way, at time of deployment, one of the contract addresses will be unknown unless I deploy the Timelock first and pre-calculate the Governor address based on my nonce.
Like you said, the way to do this without temporarily being admin (which is totally okay though), is to somehow predict the addresses. This may be easier if you use a create2 factory like the following.
