kyscott18
commented
2 years ago Checks out to me because the admin of the governance is the timelock, meaning that the origin of someone changing the governance parameters must be from the timelock. The setAdmin() function of the timelock can only be called by itself (transaction originated by admin) or the admin itself, which is necessary when deploying because of the order in which these contracts must be deployed.
d-mooers
I had to refactor the timelock initialization, specifically the
setAdminfunction. Make sure this is not open to an attacker becoming the admin of the timelock.