A user can submit a MsgTryUpgrade as soon as 5/6 voting power has signaled for a version. The remaining 1/6 of voting power won't have any time to upgrade prior to the upgrade height.
Proposal
Add a delay between the block that includes a successful MsgTryUpgrade and the upgrade height.
Determine a reasonable delay time period. Ex: 2 days or 1 week.
Add the delay. Note: during this time all signals and future cranks should be no-ops.
Context
Informal Systems v2 audit finding 3.
Problem
A user can submit a
MsgTryUpgradeas soon as 5/6 voting power has signaled for a version. The remaining 1/6 of voting power won't have any time to upgrade prior to the upgrade height.Proposal
Add a delay between the block that includes a successful
MsgTryUpgradeand the upgrade height.