Multisig Timelocked Upgrade Admin Contract

Hello there,

In the previous weeks, there was a lot of talk about upgradeability, admin keys in DeFi, timelocks and multisigs.

For example,

• bZx team had a 12h delay to deploy patches
• Compound has a timelock
• The good ol Giveth Vault, way back in the ancient times of 2017, had a timelock to do payments, with a securityGuard role that could delay suspicious payments, giving time for the owners to cancel or call a escapeHatch for the funds.

In the past you have illustrated how the proxy admin role can be set on a Multisig

With all the lessons learnt, would it make sense to have a timelocked contract as upgradeAdmin? how would you implement such a thing?

I think this could be a nice addition to your contract library

My proposal would be:

• m owners like a multisig
• n of m owners needed to add / delete an owner
• owner submit upgradeProposal
• all the upgradeProposals have a minimumDelay
• owners can advanceProposal() to accelerate the upgradeProposalan advanceIntervalAmount of time. With enough approvals from owners, the upgrade can execute faster, which could be useful for emergency fixes.
• owners can delayProposal()for suspicious ones. This could allow time for the owners to react to a suspicious proposal
• owners can cancelProposal(), with n of m owners required to cancel.

Thoughts?

Hi @ethicraul,

Nice thinking. I hope we will see more transparency around governance and some form of standardized contract for timelocks could be interesting.

Potentially a multisig with timelocked actions, (so maybe more generic than just upgrades). Though perhaps that could be a mutisig contract sending actions to a timelock contract.

Would be interested to hear thoughts from others in the community.