Join any discussion room in DeFi and you’re likely to see someone talking about Timelocks. Despite how often it comes up, it’s actually quite shocking to see how wrong most people are about it. So we here at RugDoc, we decided to clear things up once and for all.
Background Info #
Examples are good for explaining complex topics… so to appeal to the common ape, we’ll use one here.
Think of a Masterchef smart contract as a bank vault that stores all the funds farmers deposit into it. If a project has $2 million worth of funds in the Masterchef, we want to make sure it’s safe from theft.
The #1 risk when yield farming is suffering a Hard Rug. Migrators, proxies, and other hard rug vectors allow the theft of 100% of ALL funds. It’s the equivalent of the owner of the bank vault forcing you to give them a spare key so they could access your deposit anytime. With this policy, all you can do is hope the owner isn’t a bad person who will use that key to steal everyone’s funds.
Now that this is clear, we can get into the details of what a Timelock does and why you should or shouldn’t care about it.
What Exactly is a Timelock and Why Should You Care? #
If a Masterchef contract has a proxy or migrator, the owner could waltz into the vault at any time and steal EVERYTHING immediately. The bank vault protects the funds inside from theft from outsiders, but the owner has the key to the door. And since he forced you to give a spare key to your safety deposit box to him, he can now steal everything inside that too.
To prevent this from happening, we create a box in the bank lobby for the owner to put his bank vault key in. We’ll call this box a Timelock.
This box is special in that it has a configurable timer on it. Once the owner puts the key in and shuts it, the box locks itself. If the owner wants the key inside, he has to start the timer, and the box unlocks only once the timer runs out. This gives a malicious owner less power. Even though he has a spare copy of your safety deposit box key, he can’t get into the vault without the main vault key.
Transactions that are queued in a timelock are usually intended to update a variable and/or call a function that already exists in the Masterchef smart contract. These contracts are immutable and the functions within cannot be changed, only how they are called.
The Truth About Timelocks #
There’s only 1 scenario where a Timelock is useful. It is ONLY useful if the owner has elevated privileges that could allow him to steal your funds at any time. Without a copy of your key, the owner’s ability to access the vault at any time with his bank vault key doesn’t matter.
That’s right — the truth is: Timelocks don’t matter if the project is already at low risk for hard rugs. They only help guard against scummy owners who say they need access to your funds at all times. If the only thing protecting you from financial ruin is a Timelock, you’re likely to end up getting rekt.
That’s because Timelocks aren’t a perfect protection scheme.
For example, the owner could make a copy of the Master Vault Key before “depositing” it into the Timelock. While everyone else is looking at the Timelock in the lobby, he can sneak to the back and steal everything. This would be like when a smart contract hides the ability for the dev role to ALSO be able to execute actions.
Or the owner could also set the timer for the Timelock to be super short. If the timer is only 6 hours, the owner could start the timer at night and flee with your funds before you wake up.
So if you lack the resources to act upon a Timelock for 24 hours a day, it’s useless to you.
When Timelocks Are Detrimental #
If our Bank Vault Owner is a good guy and doesn’t have our keys, forcing him to Timelock can be bad.
For example, if there is a fire that’s detected in the vault, nobody including him can get inside to put it out for 12 hours. In those 12 hours, the fire could destroy everything in the safe.
In this scenario, the Timelock kills the project, since it locks a timely resolution out. This is why we don’t force projects to have a Timelock that don’t have malicious code. If the owner can’t steal your stuff either way, you’d rather them have access to fix issues quickly as needed.
TL;DR — In summary, here’s what we learned:
- Timelocks aren’t important for most projects, unless they’re shady to begin with.
- Chances are you don’t have the resources to act on a malicious Timelock event 24/7
- If a project needs a Timelock to prevent the theft of 100% of all funds… just walk away. There’s a million other projects that aren’t shady.
Develop a habit to ALWAYS check a project at RugDoc before you ape in.
It’s 100% free and we will ALWAYS highlight projects that can steal ALL funds from users.
If you want more information on how to verify a Timelock is properly set up, see our Wiki article on it here: