Proposal: Timelock addMinter and setGovernance

Summary:

addMinter and setGovernance are the most crucial smart contract functions. They can break the entire system and put so much money at risk when a bad actor’s address is set as a minter or governance. This can happen when there is a hostile takeover or if the multisigs are somehow compromised. Will those scenarios happen? I doubt it. However, we should still future-proof and improve the security of the smart contract. To provide additional security and time for everyone to get out if that were to happen, I propose that we add a 2-3 day timelock for addMinter and setGovernance execution.

Abstract:

Add a 2-3 day timelock to all yEarn smart contracts’ addMinter and setGovernance functions.

Motivation:

Increases security and confidence of the smart contracts. In case of catastrophes, everyone will have ample time to get out.

Specification:

This is a high level overview of how the YIP will solve the problem. The overview should clearly describe how the new feature will be implemented.

For: Add a 2-3 day timelock before addMinter and setGovernance become effective

Against: No changes. All function calls will take effect immediately

Poll:

  • Add 2 days timelock
  • Add 3 days timelock
  • No Changes
0 voters

I approve of the idea, but the proposal would have no effect currently.

Currently we have:

  • setGovernance has a 3-day timelock and requires multisig quorum
  • addMinter is not present in the current governance contract at all, so minting new coins would require switching the governance contract, which goes through the timelock anyway
4 Likes

Ah, I forgot about the indirect governance contract which has the timelock. I was looking at it from the core contract perspective.