Due to the upcoming v2.1 upgrade this proposal is to deploy standard Uniswap Timelock contract and pass Gnosis Multisig setup transactions into it instead of direct execution in the Gearbox contracts.
At the moment, applying any settings to the Gearbox contracts, we create a bundle of transactions and put it as an array into the Gnosis Safe multi-sig wallet. Which currently has a configurator role - the only role that can make config changes in contracts.
It leads to potential vulnerable cases because transactions approved by multi-sig are executed immediately.
Another case is the user who disagrees with approved proposals has no time to react by withdrawing liquidity or making other financial decisions.
To mitigate these potential vulnerabilities and to give all users time to react, we propose to change the proposal execution flow to add a Timelock contract with 1 day delay of execution after Gnosis transactions are executed.
- deploy standard Timelock contract with 1 day minimal delay parameter
- give configurator role to Timelock by Gnosis Multisig transaction in ACL contract
- set Timelock as pausibleAdmin and unpausibleAdmin
We want to deploy v2.1 next week, and it is important to implement this proposal before v2.1 upgrade
We suppose these changes will be ready to implement at the beginning of the next week starting 1st of May 2023