Open kyscott18 opened 2 years ago
Checks out to me because the admin of the governance is the timelock, meaning that the origin of someone changing the governance parameters must be from the timelock. The setAdmin() function of the timelock can only be called by itself (transaction originated by admin) or the admin itself, which is necessary when deploying because of the order in which these contracts must be deployed.
Checks out to me as well!
I had to refactor the timelock initialization, specifically the
setAdmin
function. Make sure this is not open to an attacker becoming the admin of the timelock.