The most important trait of blockchain technology is immutability, and the transactions on blockchain are secure. Smart contracts have emerged as one of the prominent tools for ensuring the use of blockchain technology for a diverse range of use cases. The concept of a timelock smart contract has emerged as a prominent highlight in the crypto and web3 landscape in recent times.
One of the notable examples of safety in blockchain associated with smart contracts refers to the timing of specific transactions. For example, auction contracts could include rules for placing bids within a specific timeframe only. At the same time, an ICO can also prevent users from transferring the newly acquired tokens for a specific time period.
You can notice an example of a timelock contract in both cases, which restricts certain functions of the smart contracts for a specific period of time. The following post provides you with in-depth insights on locking their smart contracts and the fundamentals of timelock contracts. You can also learn about the different steps for creating timelock smart contracts with OpenZeppelin Defender.
Curious to understand the complete smart contract development lifecycle? Enroll in Smart Contracts Development Course Now!
Definition of Timelock Contracts
The first thing you want to know before the answer to “How do I lock my smart contract?” is the definition of timelock smart contracts. Timelock is a trusted mechanism that helps in delaying the execution of specific functions within smart contracts. The timelock contracts work by implementing modifiers, which help in modifying the behavior of functions in a way that halts their applications for a specific duration of time.
The modifiers for creating a Solidity time lock contract can be simple conditional statements such as ‘if…else’ conditions attached to the function. Let us evaluate the example of a Timelock smart contract for an auction that prevents early or late bidding. Such conditions would have function modifiers that point at a particular time duration in the form of a Unix timestamp or seconds. In the event of presence of time-triggered functions in the transaction, the smart contract would verify execution of the transactions within valid time window.
Want to know the real-world examples of smart contracts and understand how you can use it for your business? Check the presentation Now on Examples Of Smart Contracts
Complexity of Timelock Contracts
The function modifiers represented the additional piece of code for changing the functionality of contracts. You could use ‘if…else’ as the initial choice for creating timelock smart contracts. On the other hand, you must remember that you can use complex types of function modifiers in timelock contracts. The timelock contract use cases for managing smart contracts can help in understanding the complexity of timelock contracts.
Timelocks which help in management of smart contracts, can allow the functionality for queuing a function call and executing it later. The timelocks featuring scheduling-and-execute functionality can help in enabling asynchronous execution of administrative operations of smart contracts. Here are some projects that use timelock contract with schedule-and-execute functionality for managing on-chain governance.
Proposers can take on the responsibility of scheduling maintenance operations by calling the timelock contract. In addition, the proposers must pass the address of the target contract alongside other important data as function arguments. On the other hand, executors are responsible for triggering the timelock contracts for calling target smart contracts after queued operations have passed the delay period. Such types of timelock variants ensure that the proposer and executor roles can be distributed among different individuals to ensure efficiency and decentralization. At the same time, timelocks work on delaying functions by imposing restrictions on executing function calls.
Another variant of timelock contracts points to the role of timelocks as administrators of one or multiple smart contracts. The smart contracts under the control of the administrator are responsible for controlling the operations of a protocol. Such type of timelock smart contract has the sole authority for calling administrative functions such as changing transaction fee parameters or minting tokens. You can find consistently growing attention around timelock smart contracts in the crypto and web3 community for their security benefits.
Start your journey to become a smart contract developer or architect with an in-depth overview of smart contract fundamentals through Smart Contracts Skill Path
Applications of Timelock Contracts
The answers to “How do I lock my smart contract?” lead to function modifiers. The function modifiers are a simple addition to the smart contract function you want to delay for a specific period of time. However, it is important to identify the different ways in which you can use timelock contracts. Interestingly, you can come across many potential applications for timelock contracts. You must have noticed the example of ICOs with timelock contracts that impose a vesting schedule. During the vesting schedule, users could not withdraw their newly-acquired tokens.
Another prominent addition among the applications of timelock contracts refers to smart contract-based wills and agreements. The timelock contract use cases can work by periodically checking the health of the owner of the will. The contract waits for filing of the death certificate and delays disclosure of the will.
Advantages of Timelock Contracts
The review of functionalities of timelock smart contracts shows that they can offer crucial benefits for improving governance. Blockchain protocols use on-chain governance mechanisms for managing modifications in the smart contract business logic. Generally, an on-chain voting mechanism would be the only way to approve proposals for changes in the governance mechanism.
Why do you need timelock contracts in progress for the ideal on-chain governance mechanisms? On-chain governance also presents the risks of flash loan attacks and brute force attacks through malicious privileges. In addition, unauthorized changes to the protocol without the approval of users imply the abuse of authority.
Blockchain projects such as Compound and Uniswap utilize timelocks for imposing delays in the execution of certain administrative functions in protocol contracts. The Timelock smart contract would serve as an intermediary between the proposal and protocol. Developers must pass proposals for modifying protocol parameters through the timelock and wait for the minimum delay in execution. The minimum delay could be two days. As a result, timelock contracts can ensure safer on-chain governance and response plans for canceling proposals with awareness of the planned modifications.
The next important reason to look for Solidity time lock contracts is the guarantee of safety. Timelocks ensure proper execution of functions in a blockchain application. Some of the use cases which could need time-locking contracts include on-chain auctions, NFT mints, and ICOs. Furthermore, the advantages of timelock smart contracts also ensure that you can use them in DeFi applications.
Considering the popularity of DeFi, it is reasonable to assume that timelock contract use cases in DeFi could grab a lot of attention. You can think of an example of a DeFi application, such as a borrowing platform that uses an on-chain price oracle. The on-chain oracle offers the flexibility for determining the value of user collateral and the amount they can borrow from the network.
In such cases, attackers could work on artificial inflation of asset value in collateral through price oracle manipulation. You can deal with such types of attacks by imposing a minimum delay period for users entering and moving out of the system. Malicious users would have to perform two transactions for manipulating asset prices and borrowing at inflated prices. However, a delay with timelock between deposit and borrowing can safeguard against price oracle manipulation.
Want to know more about DeFi? Enroll Now: Introduction to DeFi Course
Disadvantages of Timelock Smart Contracts
The discussions about timelock contracts in progress have grabbed headlines in the crypto and web3 space. Timelock contracts are useful in terms of security as it is their primary objective. However, timelock contracts cannot offer the advantages of security without proper implementation. You should also pay attention to specific attack vectors which can influence timelocks, such as the following.
One of the biggest limitations of a timelock smart contract points out to the account which deploys the contract. The account responsible for deploying timelock contracts on blockchain could gain administrative control of the contract. It can lead to malicious abuse of authority for modification of delay in the timelock to achieve selfish objectives. On top of it, granting administrative control to a specific account defeats the primary objective of decentralization.
Build your identity as a certified blockchain expert with 101 Blockchains’ Blockchain Certifications designed to provide enhanced career prospects.
Another notable set of issues with timelocks is the use of timestamps. The timelock contracts rely on block timestamps for executing smart contracts. Block producers could control the timestamp values and set the timestamp for a block in the future. In such cases, security concerns such as frontrunning attacks could affect the integrity of smart contracts. Therefore, it is important to use block height as a reliable measure of time rather than using timestamps.
The ability of a timelock contract to deliver security advantages depends on the delay period it can provide. You can find a low minimum delay threshold as an indication of easier opportunities for malicious proposals to proceed through verification and execution before being detected. For example, the Beanstalk protocol has implemented a one-day delay for executing proposals, which is insufficient for the community to identify malicious proposals.
The final addition among the limitations of a Solidity time lock smart contract would point to a reduction in efficiency. Timelocks can help in controlling the maintenance operations required for smart contracts. On the other hand, they can also create prominent setbacks for developers. First of all, timelock contracts reduce the ability for faster implementation of emergency responses, such as pausing smart contracts.
In addition, delays in certain user operations with smart contract-based applications could also influence the user experience. When a protocol works on delaying withdrawal of tokens in a project, users could avoid it in the future due to poor liquidity. At the same time, you must notice that delays in exits and entries could influence the utility for traders and disrupt atomic composability.
Learn about the fundamentals of smart contract and how solidity works through Solidity & Smart Contract: A Comprehensive Guide Ebook
How to Create a Timelock Smart Contract?
The introduction to timelock smart contracts also draws attention to the creation of timelocks. You can find a detailed answer to “How do I lock my smart contract?” by reflecting on the example of OpenZeppelin Defender. It is a valuable tool that helps you in creating timelock smart contracts according to your requirements.
The first step in creating timelock smart contracts on OpenZeppelin Defender is the creation of an ERC-20 token. You can create an ERC-20 token by using the Contracts Wizard feature, which utilizes OpenZeppelin Contracts and their unique advantages. It is important to ensure that the mintable feature is active for the ERC-20 token, and then you have to compile and deploy the ERC-20 contract by using MetaMask and Remix.
Process for Creating Timelock Smart Contracts in OpenZeppelin Defender
The process of creating a time lock contract in progress with OpenZeppelin Defender would start after deploying the ERC-20 network. You have to obtain confirmation for the transaction on Etherscan, followed by adding contract address to Defender Admin. In the case of unverified contracts, you have to copy the ABI manually. Developers can also add a multisig wallet to the timelock smart contract to avoid the concerns of authority abuse in a protocol. With a proposal threshold higher than one, timelocks would require another signatory, thereby preventing complete centralization.
You can use OpenZeppelin Defender to create a timelock within the following simple steps. The first step for creating Timelock OpenZeppelin contracts involves selection of the ‘Add Contract’ option, followed by the ‘Create Timelock’ option. Now, you have to include the multisig address in the proposer field and individual addresses as executors. After creation of the timelock, you should review the timelock admin action page to verify correctness of all roles. You can use the ‘query other functions’ option for running a function on the selected addresses to verify role integrity.
Eager to know about the ethereum technology? Enroll Now in The Complete Ethereum Technology Course
The basic definition of a timelock contract provides an innovative perspective on addressing the security issues in blockchain-based applications. Smart contracts opened up the prospects for creating a broad range of applications based on blockchain networks. However, the different vulnerabilities in smart contract codes imply the necessity of finding suitable solutions.
On the other hand, the immutability of blockchain technology makes it impossible to reverse malicious transactions. Timelock contracts introduce an effective opportunity to delay the execution of specific contract functions to avoid security issues. At the same time, flexibility of creating timelock smart contracts with tools like OpenZeppelin Defender offers promising benefits to developers. Learn more about smart contracts and how you can use timelocks to your advantage.
*Disclaimer: The article should not be taken as, and is not intended to provide any investment advice. Claims made in this article do not constitute investment advice and should not be taken as such. 101 Blockchains shall not be responsible for any loss sustained by any person who relies on this article. Do your own research!