No Execute button for TimeLock. Executor is Multisig, and I'm using an owner wallet of Multisig to connect to Defender

Environment
I am using Defender Admin and have deployed TimeLock contract along with MultiSig Safe, both created in the Defender UI. They're all on BSC.

Details
My TimeLock contract: https://defender.openzeppelin.com/#/admin/contracts/bsc-0xF95b43E052404c0456994355B7AC981DD892F49d

My Multisig Safe: https://defender.openzeppelin.com/#/admin/contracts/bsc-0x13C4c2b0714C99E58FaA92b3e4FbF095e12FAD5a

My token (imported into Defender): https://defender.openzeppelin.com/#/admin/contracts/bsc-0x441Bb79F2da0dAF457BaD3d401eDb68535fB3faa

Multisig Safe has 7 owner wallets, but only need 2 signatures for approvals.

TimeLock Contract is the Owner of token contract. TimeLock duration is 2 days.

TimeLock Contract has Multisig Safe in both Proposer and Executor roles. There are no other addresses in both roles.

My current problem:

1. I can propose actions on the token contract and my execution strategy is Multisig > TimeLock > Token Contract.
   (I tried with EOA but receive error, and I assume this is because only Multisig has Executor role)

2. I could create multiple proposals, and approve them using 2 wallets out of 7 owner wallets of Multisig.

3. After TimeLock expires, I cannot Execute any proposals despite trying with each owner wallet of the Multisig connected to Defender. The error message I keep getting is this:

"Current account is not an authorized executor in timelock 0xF95b...2F49d. Please switch to another account or grant role Executor to your current account."

I have tried to connect all 7 owner wallets of the Multisig (which has Executor role on the TimeLock), but I keep getting this message and cannot execute ANY.

Please helpppp!

Code to reproduce

Hi cilmion, Defender calls hasRole contract function, if this fails it's likely to throw that error, I tried to run it myself using the block explorer and I'm receiving the following error.

Screenshot 2023-06-02 at 12.27.132878×1124 198 KB

EXECUTOR_ROLE=0xd8aa0f3194971a2a116679f7c2090f6939c8d4e01a2a8d7e41d55e5351469e63
MULTISIG_ADDRESS=0x13C4c2b0714C99E58FaA92b3e4FbF095e12FAD5a

I'm not sure if this is the cause, but could you check that from your end? Let me know if that makes sense

Thanks
Marcos

Hi Marcos,

Thanks for your help!

I ran it using bscscan and I am getting bool:true.

Screenshot 2023-06-02 at 17.37.062802×1072 193 KB

Alternatively, is there anyway I can execute the operations directly on BSCScan? My problem though is I can't be sure what to put in:

execute (payableAmount BNB)
target (address)
value (uint256)
payload (bytes)
predecessor (bytes32)
salt (bytes32)

I just re-read your issue, and it seems that you're trying to execute the proposal directly with your EOA, like EOA -> Timelock, which would throw because your EOA does not have permission to execute the proposal but your Multisig, the right execution would be EOA -> Multisig -> Timelock. Did you try to execute from safe app?

Hi Marcos,

Thanks for your reply.

The issue is that I am not really sure how to execute from safe app -.-.

Given that Proposer role is also Multisig, and I could approve proposals by connecting to Defender with 2 owner wallets of the Multisig and approve, I thought it would be the same way to execute.

I cannot find pending transaction or anything within Safe app (On app.safe.global, where I can access the Multisig for this particular TimeLock).

Or do you mean to go to the Multisig within Defender, and run a "New Admin Action"? If so, what function should I be using?

Just to give better idea, here are some screenshots.

Screenshot 2023-06-02 at 22.02.582332×1228 293 KB

Hi @cilmion

There are two transactions involved when it comes to introducing a timelock as part of your execution strategy. The first one is a schedule transaction, which in this case will be proposed by the Gnosis Safe. Once the proposal is scheduled and the timelock is expired, any EOA with the EXECUTOR_ROLE will be allowed to call the execute transaction on the timelock.

Could you try giving your EOA 0xeb14...0cec the EXECUTOR_ROLE permissions on the timelock. Alternatively, you could use the Gnosis Safe transaction builder, which will require you to know each of the parameters of the transaction (salt, value, data, etc..). If you send an email to our support team defender-support@openzeppelin.com, I'm pretty sure we can provide this for you.

Hi @nami, thanks for your reply!

So, does it mean that if only Gnosis Safe has the Executor Role of the TimeLock, it won't be able to execute at all?

I tried to add 0xeb14...0cec to EXECUTOR_ROLE permission on the TimeLock, with only Multisig as Execution Strategy, but failed with the following error:

Transaction validation failed
Error: Transaction validation failed. This usually means that this proposal would fail to execute given its current parameters.

• Make sure all involved accounts have the necessary permissions for the transaction to succeed.
• Check grantRole's code to identify possible revert conditions.
• You are proposing to execute function grantRole through address 0x13C4c2b0714C99E58FaA92b3e4FbF095e12FAD5a. Make sure that address has enough permissions to execute the function.

The only way I could schedule a proposal is if I do Multisig > TimeLock > Contract (which is again the same TimeLock), but then to execute, I face the exact same problem.

Hi @nami, thanks a lot for the support email address! I just sent an email to you with my tenant ID and account email, from my account email s**@ekos.llc

That's odd. Can you try using the Gnosis Safe UI to execute the grantRole on your timelock contract, and see if that works?

Soooo.... you mean via app.safe.global? Using Transaction Builder or something else?

Ah I am replying your email! Thanks Nami!

I am having the same issue here, we gave multisig the executer role, and in order to add we need the paramters as he listed above