VotingEscrowUpgradeableV1_2: Make transfer of `team` role a two step process in order to avoid potential takover of `team` role

[hats-bug-reporter[bot]]

Github username: @burhankhaja Twitter username: imaybeghost Submission hash (on-chain): 0xa0c2a9ddb0677cdf65485f6515a47b49f230714caa5479d001061162b7a3d80a Severity: low

Description: team is an important priviledged role in VotingEscrowUpgradeableV1_2 and lot of team based function are only callable by this role.

Throughout the contract, it is only updated via two functions:

• first while initializing
• and the second is via setTeam(address) function

  function setTeam(address _team) external {
      _checkOnlyTeamAccess();
      team = _team;
  }

since setTeam is only callabe by the current team role, it can be takenover in case a wrong address is passed while calling this function.

Recommendation\ Consider implementing a two step transfer of team role just like the openzeppelin two step ownership transfers work, where the priviledged role is not directly handed over to the new address, instead a claimable process of role is implemented.

[0xmahdirostami]

For now, these submissions will be judged as well.

[0xmahdirostami]

Security best practice