Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add timelocks to migrations and upgrades #223

Closed
2 of 3 tasks
Tracked by #12
srdtrk opened this issue Jan 17, 2025 · 0 comments · Fixed by #247
Closed
2 of 3 tasks
Tracked by #12

Add timelocks to migrations and upgrades #223

srdtrk opened this issue Jan 17, 2025 · 0 comments · Fixed by #247
Labels
needs discussion This issue needs more discussion before its implementation security This issue impacts security assumptions solidity Issues related to the solidity contracts type: feature Feature request

Comments

@srdtrk
Copy link
Member

srdtrk commented Jan 17, 2025
edited
Loading

Description

Support for contract upgradability by a proxy admin was added in #188 and support for light client migrations was added in #196. In both cases, we have not included any timelocks on said upgrades/migrations.

A timelock is a delay between the admin broadcasting a proposal and the execution of that proposal, allowing users to see the upcoming changes and potentially migrate their funds if they believe their funds to be at risk.

Discussion

Openzeppelin has a very useful TimelockController contract which is intended to be owned by a multisig.

This gives us two options:

  1. Document that we recommend admins to use TimelockController (in this case we close this issue as not planned)
  2. Deploy TimelockController for the admins ourselves and require them to use it.

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged/assigned
@srdtrk srdtrk added needs discussion This issue needs more discussion before its implementation solidity Issues related to the solidity contracts type: feature Feature request labels Jan 17, 2025
@srdtrk srdtrk mentioned this issue Jan 17, 2025
Open
4 tasks
@srdtrk srdtrk added the security This issue impacts security assumptions label Jan 17, 2025
@srdtrk srdtrk mentioned this issue Jan 30, 2025
Merged
6 tasks
@github-project-automation github-project-automation bot moved this from Backlog to Done in IBC-GO Eureka Jan 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs discussion This issue needs more discussion before its implementation security This issue impacts security assumptions solidity Issues related to the solidity contracts type: feature Feature request
Projects
IBC-GO Eureka
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: switched to UUPS proxy pattern with admin management cosmos/solidity-ibc-eureka
1 participant
@srdtrk