SKIP TO CONTENT
Security

Timelock

A smart contract that delays execution of administrative actions by a set period.

What is a Timelock?

A timelock is a smart contract that enforces a mandatory delay between queuing an action and executing it. Administrative changes like contract upgrades, parameter adjustments, or fund movements must wait through this delay period before taking effect. This provides users and stakeholders time to review pending changes, assess implications, and respond appropriately. Including exiting the protocol if they disagree.

How Timelocks Work

When an admin wants to execute a privileged action, they first submit it to the timelock contract, which records the action with a timestamp. The action enters a queued state and becomes executable only after the delay period passes (typically 24-72 hours). Once executable, anyone can trigger execution. If the action is malicious or unwanted, users can exit the protocol during the waiting period.

Actions can typically be cancelled during the delay by authorized addresses. This allows course correction if a queued action proves problematic after community review or external feedback. Some timelocks implement grace periods after which queued actions expire if not executed, preventing stale actions from executing unexpectedly.

Timelock Duration Considerations

Longer timelocks provide more security but reduce operational agility. A 48-hour timelock gives users two days to react but means legitimate bug fixes take two days to deploy. Emergency situations may require faster response than timelocks allow, creating tension between security and responsiveness.

Many protocols implement tiered delays: longer durations for critical changes (upgrades, large treasury transfers) and shorter delays for routine parameter adjustments (interest rates, collateral factors). Some include emergency mechanisms allowing faster action with higher security requirements (more multisig signers, supermajority governance votes).

Timelocks in DeFi Governance

Major DeFi protocols use timelocks extensively. Compound, Aave, and Uniswap governance systems execute all approved proposals through timelocks. When governance votes pass, the resulting actions queue through the timelock before taking effect. This protects against governance attacks where malicious proposals might pass before stakeholders notice.

Evaluating Timelock Security

When assessing protocol security, check timelock existence, duration, and scope. Can upgrades bypass the timelock? What actions go through timelocks versus direct execution? Are emergency powers appropriately constrained? Robust timelock implementation indicates security maturity.

Examples

  • Compound Governance has a 48-hour timelock, meaning passed proposals wait 2 days before execution

Related Terms

See this concept in action across live DeFi protocols.

Track live yields, compare protocols, and build your DeFi portfolio with Fensory.

GET EARLY ACCESSArrow right
← BACK TO GLOSSARY