TreasureProject / treasure-marketplace-contracts


[L04] All admin functions should be mediated by a timelock or similar user protection #52

Closed ghoul-sol closed 2 years ago

fulldecent commented 2 years ago

This user protection is related to https://github.com/ghoul-sol/treasure-marketplace/issues/5.

Specifically, the only affected admin function is setFee. And specifically, the risk mentioned here is that a seller will list an item for sale and then the marketplace will increase its fee afterwards. The result is that the seller receives less proceeds than they expected.

The current mitigation is that the fee is fixed with a hard limit of 15%. And the normal fee is 5%.

So, a person selling for 100 $MAGIC who is expecting to get 95 might actually get 85 if the fee is changed in the meantime.

This issue recommends mitigating this further by having a time delay for fee changes so people will have a heads-up. This is a good idea. And/or reducing the maximum fee, if warranted, is also a way to protect users.
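A minimal Solidity sketch of the two-step, time-delayed fee change recommended in the comment above, added here as an illustration and not taken from treasure-marketplace-contracts; the contract name, the function names (proposeFee/commitFee), the pending-fee storage and the 2-day delay are assumptions, while the 5% default and 15% hard cap are the values stated in the issue:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative timelocked fee setter (not the marketplace's own code).
/// Names and the FEE_DELAY value are assumptions chosen for this example.
contract TimelockedFee {
    uint256 public constant BASIS_POINTS = 10_000;
    uint256 public constant MAX_FEE = 1_500;     // hard cap: 15%, as in the issue
    uint256 public constant FEE_DELAY = 2 days;  // assumed heads-up window
    address public owner;
    uint256 public fee = 500;                    // normal fee: 5%
    uint256 public pendingFee;
    uint256 public pendingFeeEta;                // earliest timestamp commitFee may run

    event FeeProposed(uint256 newFee, uint256 eta);
    event FeeCommitted(uint256 newFee);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    /// Step 1: announce the change. Nothing takes effect yet, so a seller
    /// listing now can read pendingFee/pendingFeeEta before committing.
    function proposeFee(uint256 newFee) external onlyOwner {
        require(newFee <= MAX_FEE, "fee above hard cap");
        pendingFee = newFee;
        pendingFeeEta = block.timestamp + FEE_DELAY;
        emit FeeProposed(newFee, pendingFeeEta);
    }

    /// Step 2: apply it only after the delay. Anyone may call this,
    /// because the decision itself was already authorised in proposeFee.
    function commitFee() external {
        require(pendingFeeEta != 0, "nothing pending");
        require(block.timestamp >= pendingFeeEta, "timelock not expired");
        fee = pendingFee;
        pendingFee = 0;
        pendingFeeEta = 0;
        emit FeeCommitted(fee);
    }

    /// Seller proceeds for a sale price, e.g. 100 MAGIC at 5% -> 95.
    function sellerProceeds(uint256 price) external view returns (uint256) {
        return price - (price * fee) / BASIS_POINTS;
    }
}
```

A front end can surface pendingFee and pendingFeeEta on the listing page so the seller sees the worst-case proceeds before signing.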

treasure-t1dev commented 2 years ago

This general issue is mitigated from a bad-actor standpoint with multisig as owner of the contracts. For the specific changing-fee issue, we acknowledge this and can change how we handle setting these in the future (ideally by having collection owners do it).