Upgradability and Timelock

Upgradability

mETH Protocol uses a standard implementation for contract upgradability, provided by the OpenZeppelin TransparentUpgradeableProxy contracts.

  • The proxy contract is the contract that users and other system components interact with. All data is stored in the proxy contract.

  • The implementation contract (named without "proxy") holds the core logic but stores no data.

  • Upgrading involves deploying a new implementation contract, and pointing the proxy contract to that new contract. The proxy contract address will not change.

For more information, see:

Timelock

To ensure that Security Roles cannot make contract upgrades instantly, the Protocol uses a Timelock controller to add a delay to the process. This ensures:

  • Users have a chance to exit the protocol if they disagree with a proposed upgrade.

  • A compromise of the governance process cannot introduce a malicious upgrade without a delay.

The timelock contract is the only proxy admin for all other contracts, meaning upgrades must be done through the timelock mechanism. The timelock implementation is the standard OpenZeppelin TimelockController (v4.8.2).

The timelock is configured with a default delay of 0, meaning upgrades can be scheduled and executed immediately. As the protocol matures, the Mantle governance will increase this delay value.

Note that changing the delay with the updateDelay function is also subject to the delay configured on the contract. This enforces that lowering the time delay is also subject to the initial delay.
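
The delay rules described above, modelled in Python as an added example (this is not mETH Protocol or OpenZeppelin code). The class and method names, the string operation ids and the two-day value are assumptions for illustration; roles, predecessors and salts are left out.

```python
# Simplified model of the OpenZeppelin TimelockController (v4.x) delay rules.
# Added illustration: roles, predecessors and salts are omitted; ids are strings.
class TimelockModel:
    DONE = 1  # marker stored once an operation has been executed

    def __init__(self, min_delay=0):
        self.min_delay = min_delay
        self.now = 1_700_000_000  # constructed stand-in for block.timestamp
        self.ready_at = {}        # operation id -> earliest execution time
        self.calls = {}           # operation id -> (function name, argument)

    def schedule(self, op_id, func, arg, delay):
        if op_id in self.ready_at:
            raise ValueError("operation already scheduled")
        if delay < self.min_delay:
            raise ValueError("insufficient delay")
        self.ready_at[op_id] = self.now + delay
        self.calls[op_id] = (func, arg)

    def execute(self, op_id):
        ready = self.ready_at.get(op_id, 0)
        if ready <= self.DONE or ready > self.now:
            raise ValueError("operation is not ready")
        func, arg = self.calls[op_id]
        if func == "updateDelay":  # self-call, reachable only through execute
            self.min_delay = arg
        self.ready_at[op_id] = self.DONE

    def update_delay(self, new_delay):
        # A direct call never succeeds: the caller must be the timelock itself.
        raise PermissionError("caller must be timelock")

    def advance(self, seconds):
        self.now += seconds

TWO_DAYS = 172_800  # constructed example value, not the protocol's setting

def demo():
    tl = TimelockModel(min_delay=0)
    tl.schedule("raise", "updateDelay", TWO_DAYS, delay=0)
    tl.execute("raise")            # delay 0: schedule and execute back to back
    tl.schedule("lower", "updateDelay", 0, delay=TWO_DAYS)
    try:
        tl.execute("lower")        # too early: the current delay still applies
        executed_early = True
    except ValueError:
        executed_early = False
    tl.advance(TWO_DAYS)
    tl.execute("lower")            # allowed only after the full delay has passed
    return executed_early, tl.min_delay
```
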

For more information, see:
