In the ongoing DeFi hype, many scam projects launched and the developers dumped tokens or rug pulled contracts to make high amounts of profit. Evidently, this caused investors to lose large amounts of money. In order to address these exploits, timelocks have been created.
What is a Timelock? #
A timelock is a piece of code in a smart contract that can lock the functionality of an application for a certain amount of time. Timelocks are often used to support masterchef contracts. Timelocks are important because they offer high security against rug pulls.
To visualize how a timelock works, let’s use an everyday situation as an example. Suppose you want to make a personal appointment with the bank to discuss your mortgage. Call the bank and plan an appointment for the following week, this way it is indicated or queued to the bank that you will visit them next week. The appointment is “executed” from the moment you enter the bank.
Timelocks work in a similar way. Normally, if developers of a scam project want to change something in the masterchef, they can do so directly. By implementing a timelock, the developer must first call a queue transaction containing the changes to the contract. Depending on how the timelock is set, let’s say a timelock period of 3 days, it takes 3 days before the modification of the contract made by the developer is executed by means of an execution transaction.
How to use Timelocks #
Suppose you want to invest in a certain token. To make sure the token is insensible for rug pulls, follow the steps below.
Step 1. Open the token contract #
First, open the contract of the chosen token. In this example we chose the Cake token. Search “Cake” in bscscan.com, in order to read the contract. Click the contract address and scroll down, hit ‘Contract’.
Step 2. Read the contract #
Then, click ‘Read Contract’. We recommend you read the token contract carefully, it may have hidden exploits or other malicious functions.
Step 3. Open the masterchef #
After completing reading the token contract, click on the address under ‘getOwner’.
A new contract opens up. By clicking the contract heading, it will show the masterchef contract.
A masterchef contract is a smart contract used to oversee tokens and yield farms. The master chef code is the farm developers operations. For example, a master chef can be responsible for minting and burning tokens. It is important to read the masterchef contract carefully: it may also contain malicious coding. Frequently used rug pull codes can be found here.
Step 4. Open the timelock #
After you have read the masterchef contract, click on the heading ‘owner’. The timelock smart contract will open up, which is the owner of the masterchef contract.
As explained earlier, the timelock contract is responsible for enabling a cooldown period between the queue transaction and the execute transaction. This is a layer of protection against developers who want to remove funds. For example, when it comes to Cake, the developers have to wait a minimum of 6 hours to a maximum of 30 days between their queue transaction and execute transaction.
Suppose the owners or developers call in a function to the master chef to communicate for the token contract to execute a rug pull. Because of the timelock, they now have to wait at least 6 hours before the contract is adjusted. In the meantime, between the queue transaction and the execute transaction, the investor is able to look up in the queue transaction what functions the developers or owners want to change or add to the contract. However, it is possible that the modifications in the queue transaction are encrypted. This can be fixed by decrypting the text via various websites.
Timelocks are one of the most important features to prevent rug pulls because of the delays between queue and execute transactions. Investors can check whether the owner of developers is adding a simple update or rug pull function to the masterchef’s contract. By comparing the masterchef’s code with commonly used rug pull codes via rugdoc.io, investors feel more secure when investing in a token or farm.