Open
Conversation
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. OpenSSF Scorecard
Scanned Files |
alexjavabraz
approved these changes
Feb 17, 2026
Luisfc68
requested changes
Feb 18, 2026
Collaborator
There was a problem hiding this comment.
we should have this script also for the split architecture, because this is going to be merged for the v2.6.0 when that architecture is supposed to be already deployed
Collaborator
|
@Hakob23 we updated the v2.6.0 branch with the v2.5.0 fixes, pls update the feature branch accordingly when you push the next changes |
…oxy address handling
…a default admin role defined
There was a problem hiding this comment.
Pull request overview
Integrates OpenZeppelin TimelockController into the deployment/upgrade workflow to enforce a delay on contract upgrades (legacy LBC + split Flyover architecture), increasing reaction time for emergency scenarios.
Changes:
- Extend
HelperConfig(legacy + flyover configs) with timelock parameters (minDelay/proposer/executor/admin) sourced from env vars. - Add deployment scripts to transfer ProxyAdmin ownership to a newly deployed
TimelockController, plus a defaulttimelock-roles.json. - Add/extend Foundry tests validating timelock-delayed upgrades and ownership transfer behavior.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
test/helpers/FlyoverTestBase.sol |
Updates test Flyover config helper to include timelock config fields. |
test/deployment/UpgradeLBC.t.sol |
Adds a test asserting upgrades are blocked until timelock delay elapses. |
test/deployment/ChangeOwnerToTimelock.t.sol |
New tests for legacy + split scripts transferring ProxyAdmin ownership to timelock. |
script/legacy/deployment/ChangeOwnerToTimelock.s.sol |
New legacy script deploying timelock + transferring LBC ProxyAdmin ownership. |
script/deployment/ChangeOwnerToTimelock.s.sol |
New split-architecture script deploying timelock + transferring shared ProxyAdmin ownership. |
script/deployment/timelock-roles.json |
Adds proposer/executor role configuration for mainnet/testnet. |
script/HelperConfig.s.sol |
Adds timelock env-driven config fields for both legacy and flyover configs. |
example.env |
Documents new timelock env vars (partially). |
Comments suppressed due to low confidence (1)
example.env:49
HelperConfigsupportsTIMELOCK_ADMIN_*(and the split-architecture script requiresPROXY_ADMIN), but this example env file only documents min delay/proposer/executor. Add the missing variables (or clarify they’re optional) so users can configure timelock admin and runscript/deployment/ChangeOwnerToTimelock.s.solwithout guessing env names.
# Timelock configuration for legacy LBC ownership
# Delay is in seconds. Temporary default in code is 7 days.
TIMELOCK_MIN_DELAY_MAINNET=<delay_seconds>
TIMELOCK_PROPOSER_MAINNET=<proposer_multisig_address>
TIMELOCK_EXECUTOR_MAINNET=<executor_multisig_address>
TIMELOCK_MIN_DELAY_TESTNET=<delay_seconds>
TIMELOCK_PROPOSER_TESTNET=<proposer_multisig_address>
TIMELOCK_EXECUTOR_TESTNET=<executor_multisig_address>
TIMELOCK_MIN_DELAY_LOCAL=<delay_seconds>
TIMELOCK_PROPOSER_LOCAL=<proposer_multisig_address>
TIMELOCK_EXECUTOR_LOCAL=<executor_multisig_address>
You can also share your feedback on Copilot code review. Take the survey.
Luisfc68
approved these changes
Mar 17, 2026
…wnerToTimelock script
…rrent contract as ProxyAdmin owner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Timelock Control Integration
Why
Introduce a delay to the contract upgrades for increasing the reaction time in case of emergency during LPs resignation and withdrawal process
Task
https://rsklabs.atlassian.net/browse/FLY-2184