Timelock
Timelock is a crucial security mechanism in Morpho Vaults that protect users by introducing mandatory waiting periods before certain governance actions can be executed.
What is a Timelock?
A timelock is a security feature that creates a mandatory delay between when an action is proposed and when it can be executed. In Morpho Vaults, this means:
- When a vault administrator proposes a change that could affect risk parameters (like adding a new market or increasing supply caps), they must first submit the change.
- The proposal enters a waiting period equal to the timelock duration.
- Only after this waiting period elapses can the change be implemented.
This delay gives users time to review proposed changes and exit their positions if they disagree with the new risk parameters, preserving the non-custodial nature of the protocol.
Why Timelock Matter
Timelock serve several important functions:
- User Protection: Users have time to withdraw their funds if they disagree with upcoming changes
- Transparency: All proposed changes are visible before they take effect
- Attack Mitigation: Even if admin keys are compromised, attackers must wait through the timelock period, giving time for defensive actions
Morpho Vaults v1.0 vs v1.1
In v1.0:
- Timelock was required to be set at deployment and could never be zero, always between 1 day and 2 weeks.
In v1.1:
- Flexible Initial Setup: The timelock can be set to zero at deployment, allowing immediate configuration
- Adjustable Timelock: After initial setup, the curator can set a timelock within bounds (1 day to 2 weeks)
- One-Way Security: Decreasing the timelock requires waiting through the current timelock, while increasing it takes effect immediately
Viewing Timelock Settings
You can check the current timelock value for any Morpho Vault by visiting the "Read Contract" section on any blockchain explorer and looking up the timelock function, which returns the timelock value in seconds. This design carefully balances usability for vault administrators with strong security guarantees for users, ensuring that Morpho Vaults remain truly non-custodial.