Timelock
The timelock is a cornerstone of security in Morpho Vaults. It is a mandatory waiting period for sensitive administrative actions, designed to protect depositors by ensuring transparency and providing a window to react to proposed changes. This mechanism is fundamental to the non-custodial nature of the vaults.
The Timelock Process
A timelock enforces a simple but powerful workflow for critical changes:
- Submit: An administrator (the
Curatorin V2, orOwner/Curatorin V1) proposes a change by submitting it to the vault contract. - Wait: The proposal becomes pending and enters a waiting period. The duration of this period is defined by the timelock. During this time, the change cannot be executed, and anyone can review it onchain.
- Execute: Once the timelock duration has passed, anyone can call the function to execute the proposed change, making it final.
This delay is crucial, as it prevents malicious or erroneous changes from taking effect instantly, giving users and safety roles (Sentinel/Guardian) time to intervene or withdraw their funds.
Timelocks in Morpho Vaults V2: Granular and Flexible Security
Vaults V2 upgrade the timelock concept significantly by introducing per-function timelocks. This allows for a more nuanced and sophisticated approach to security.
How It Works: Timelocks per Selector
Instead of a single, global timelock for the entire vault, a V2 Curator can assign a different timelock duration to each sensitive action, identified by its function selector.
This flexibility allows for risk-based security policies. For example, a Curator might configure their vault with:
- A 7-day timelock for high-risk actions like enabling a new, untested adapter.
- A 1-day timelock for routine, lower-risk actions like appointing a new
Allocator. - A 0-second timelock for actions they deem completely safe (though this is less common for production vaults).
Timelock Management in V2
The Curator has a specific set of tools to manage these timelocks, each with its own security logic:
-
Increasing Timelocks (
increaseTimelock): A Curator can increase the duration of any timelock instantly. Because making a safety delay longer is always a security-enhancing action, it does not require a waiting period. -
Decreasing Timelocks (
decreaseTimelock): This action is highly sensitive and is itself subject to a long, 2-week timelock. This prevents a malicious actor from instantly reducing all safety delays to zero. -
Abdicating Actions (
abdicateSubmit): A Curator can choose to permanently and irreversibly disable their ability to submit a certain type of change by setting its timelock to infinity. This is a powerful "trust-hardening" feature. For example, a vault could abdicate the ability to ever set aGate, guaranteeing to its users that it will remain permissionless forever.
Timelocks in Morpho Vaults V1
In contrast, Morpho Vaults V1 use a global timelock system. A single timelock duration applies to all protected actions within the vault, such as increasing a market's supply cap or setting the Guardian.
Key Characteristics of V1 Timelocks
- Flexible Initial Setup: The timelock can be set to zero at deployment. This is a major convenience that allows vault administrators to perform the initial configuration and market setup instantly without waiting periods.
- Post-Setup Security: After the initial setup, any change to the timelock must set its duration to be between 1 day and 2 weeks.
- Asymmetric Updates:
- Increasing the timelock takes effect immediately.
- Decreasing the timelock is itself a timelocked action, requiring a wait equal to the current (longer) timelock duration.
This V1 model provides robust security while allowing for practical initial vault deployment.
Viewing Timelock Settings
You can check the current timelock value(s) for any Morpho Vault by visiting the "Read Contract" section on a blockchain explorer and querying the timelock function.
- In V2, this function takes a function
selectoras an argument. - In V1, it returns the single, global timelock duration in seconds.
Comparison: Vaults V2 vs. Vaults V1
| Feature | Morpho Vaults V2 | Morpho Vaults V1 (MetaMorpho) |
|---|---|---|
| Timelock Structure | Per-function timelocks (granular control) | Global timelock (single duration for all actions) |
| Timelock Assignment | Different durations per function selector | One duration applies to all protected actions |
| Increasing Timelocks | Instant (security-enhancing) | Instant (takes effect immediately) |
| Decreasing Timelocks | 2-week timelock (highly protected) | Subject to current timelock duration |
| Initial Setup | Standard timelock rules apply | Can be set to zero at deployment |
| Permitted Range | Flexible (can be set to infinity via abdication) | 1 day to 2 weeks (after initial setup) |
| Abdication Feature | Yes (can permanently disable actions) | No |