Why does the Governor contract's propose function allow for an unbounded number of actions?

OpenZeppelin's own audit of Compound's old Alpha governance system suggested setting a hard cap on the number of actions that can be included with a proposal to avoid unexpected errors. As a result, Compound added a require(targets.length <= proposalMaxOperations, "...") check.

How come OpenZeppelin's own governance module doesn't include such a check? Is this intended to be an implementation choice?

1 Like

Good find. :slight_smile: A hard cap can provide a guarantee that the execution will fit in the gas limit, but we don't want to add an opinionated cap (a reasonable value could be very different across chains), and making it configurable increases the complexity of getting a Governor set up. On the other hand, it's not a security issue if the execution of a proposal runs out of gas, and it could run out of gas for reasons other than there being a lot of proposals in the batch.

2 Likes