Hello there,
In the previous weeks, there was a lot of talk about upgradeability, admin keys in DeFi, timelocks and multisigs.
For example,
- bZx team had a 12h delay to deploy patches
- Compound has a timelock
-
The good ol Giveth Vault, way back in the ancient times of 2017, had a timelock to do payments, with a `securityGuard` role that could `delay` suspicious payments, giving time for the `owner`s to `cancel` or call an `escapeHatch` for the funds.
In the past you have illustrated how the proxy admin role can be set on a Multisig.
With all the lessons learnt, would it make sense to have a timelocked contract as upgradeAdmin? How would you implement such a thing?
I think this could be a nice addition to your contract library.
My proposal would be:
- m `owner`s like a multisig
- n of m owners needed to add / delete an owner
- an owner submits an `upgradeProposal`
- all the `upgradeProposal`s have a `minimumDelay`
- owners can `advanceProposal()` to accelerate the `upgradeProposal` by an `advanceIntervalAmount` of time. With enough approvals from owners, the upgrade can execute faster, which could be useful for emergency fixes.
- owners can `delayProposal()` for suspicious ones. This could allow time for the owners to react to a suspicious proposal.
- owners can `cancelProposal()`, with n of m owners required to cancel.
Thoughts?
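
A minimal Solidity sketch of the proposal above, added as an example; it is not part of the original post and not code from any existing contract library. It assumes a fixed owner set (the n-of-m add/delete step is left out), a proxy exposing `upgradeTo(address)`, and illustrative values for the two constants. All contract and function names other than those in the post are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added example (not from the post). IUpgradeable is an assumed proxy interface.
interface IUpgradeable { function upgradeTo(address newImplementation) external; }

contract TimelockedUpgradeAdmin {
    struct Proposal { address proxy; address impl; uint256 eta; uint256 cancelVotes; bool done; }
    uint256 public constant MINIMUM_DELAY = 2 days; // minimumDelay (assumed value)
    uint256 public constant INTERVAL = 12 hours;    // advanceIntervalAmount, reused for delays (assumed)
    uint256 public immutable threshold;             // n of m owners required to cancel
    mapping(address => bool) public isOwner;
    Proposal[] public proposals;
    // proposal id => owner => action (0 advance, 1 delay, 2 cancel) => already used
    mapping(uint256 => mapping(address => mapping(uint8 => bool))) public used;
    modifier onlyOwner() { require(isOwner[msg.sender], "not owner"); _; }

    constructor(address[] memory owners, uint256 n) {
        require(n > 0 && n <= owners.length, "bad threshold");
        for (uint256 i = 0; i < owners.length; i++) { require(!isOwner[owners[i]], "dup"); isOwner[owners[i]] = true; }
        threshold = n;
    }

    function submit(address proxy, address impl) external onlyOwner returns (uint256 id) {
        id = proposals.length;
        proposals.push(Proposal(proxy, impl, block.timestamp + MINIMUM_DELAY, 0, false));
    }

    // One use of each action per owner per proposal, so a single key can shift
    // the timelock by at most INTERVAL in either direction.
    function _use(uint256 id, uint8 action) internal returns (Proposal storage p) {
        p = proposals[id];
        require(!p.done, "closed");
        require(!used[id][msg.sender][action], "already used");
        used[id][msg.sender][action] = true;
    }

    function advanceProposal(uint256 id) external onlyOwner { Proposal storage p = _use(id, 0); p.eta -= INTERVAL; }
    function delayProposal(uint256 id) external onlyOwner { Proposal storage p = _use(id, 1); p.eta += INTERVAL; }

    function cancelProposal(uint256 id) external onlyOwner {
        Proposal storage p = _use(id, 2);
        if (++p.cancelVotes >= threshold) p.done = true; // cancelled once n owners agree
    }

    function execute(uint256 id) external onlyOwner {
        Proposal storage p = proposals[id];
        require(!p.done && block.timestamp >= p.eta, "closed or timelocked");
        p.done = true; // close the proposal before the external call
        IUpgradeable(p.proxy).upgradeTo(p.impl);
    }
}
```

With these assumed constants, four distinct owners advancing the same proposal remove the whole delay, so the owner count and `INTERVAL` together set how many keys an emergency fix (or an attacker) needs.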