Feature/fly 2184

[Hakob23]

What

Timelock Control Integration

Why

Introduce a delay to the contract upgrades for increasing the reaction time in case of emergency during LPs resignation and withdrawal process

Task

https://rsklabs.atlassian.net/browse/FLY-2184

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@rsksmart/btc-transaction-solidity-helper	0.3.0-beta	🟢 6.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 14 out of 14 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 3 Found 5/14 approved changesets -- score normalized to 3 Contributors 🟢 3 project has 1 contributing companies or organizations -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities ⚠️ 0 14 existing vulnerabilities detected

Scanned Files

• package-lock.json

[Luisfc68]

we should have this script also for the split architecture, because this is going to be merged for the v2.6.0 when that architecture is supposed to be already deployed

[Luisfc68]

@Hakob23 we updated the v2.6.0 branch with the v2.5.0 fixes, pls update the feature branch accordingly when you push the next changes

[Copilot]

Pull request overview

Integrates OpenZeppelin TimelockController into the deployment/upgrade workflow to enforce a delay on contract upgrades (legacy LBC + split Flyover architecture), increasing reaction time for emergency scenarios.

Changes:

• Extend HelperConfig (legacy + flyover configs) with timelock parameters (minDelay/proposer/executor/admin) sourced from env vars.
• Add deployment scripts to transfer ProxyAdmin ownership to a newly deployed TimelockController, plus a default timelock-roles.json.
• Add/extend Foundry tests validating timelock-delayed upgrades and ownership transfer behavior.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
test/helpers/FlyoverTestBase.sol	Updates test Flyover config helper to include timelock config fields.
test/deployment/UpgradeLBC.t.sol	Adds a test asserting upgrades are blocked until timelock delay elapses.
test/deployment/ChangeOwnerToTimelock.t.sol	New tests for legacy + split scripts transferring ProxyAdmin ownership to timelock.
script/legacy/deployment/ChangeOwnerToTimelock.s.sol	New legacy script deploying timelock + transferring LBC ProxyAdmin ownership.
script/deployment/ChangeOwnerToTimelock.s.sol	New split-architecture script deploying timelock + transferring shared ProxyAdmin ownership.
script/deployment/timelock-roles.json	Adds proposer/executor role configuration for mainnet/testnet.
script/HelperConfig.s.sol	Adds timelock env-driven config fields for both legacy and flyover configs.
example.env	Documents new timelock env vars (partially).

Comments suppressed due to low confidence (1)

example.env:49

• HelperConfig supports TIMELOCK_ADMIN_* (and the split-architecture script requires PROXY_ADMIN), but this example env file only documents min delay/proposer/executor. Add the missing variables (or clarify they’re optional) so users can configure timelock admin and run script/deployment/ChangeOwnerToTimelock.s.sol without guessing env names.

# Timelock configuration for legacy LBC ownership
# Delay is in seconds. Temporary default in code is 7 days.
TIMELOCK_MIN_DELAY_MAINNET=<delay_seconds>
TIMELOCK_PROPOSER_MAINNET=<proposer_multisig_address>
TIMELOCK_EXECUTOR_MAINNET=<executor_multisig_address>

TIMELOCK_MIN_DELAY_TESTNET=<delay_seconds>
TIMELOCK_PROPOSER_TESTNET=<proposer_multisig_address>
TIMELOCK_EXECUTOR_TESTNET=<executor_multisig_address>

TIMELOCK_MIN_DELAY_LOCAL=<delay_seconds>
TIMELOCK_PROPOSER_LOCAL=<proposer_multisig_address>
TIMELOCK_EXECUTOR_LOCAL=<executor_multisig_address>

---

You can also share your feedback on Copilot code review. Take the survey.