Timelocks and Permissions

The eBTC protocol utilizes three timelock contracts to ensure a secure, transparent and structured approach to most governance changes: the High Security Timelock, Low Security Timelock and the Treasury Timelock.

Contracts Used

The three timelock contracts are based on OpenZeppelin's TimelockController, a trusted and widely used contract in DeFi. This choice underscores the commitment to using robust and secure solutions for critical governance functions.

Governance Structure

  • High Security Timelock: This timelock has a longer delay period of 7 days, and is used for changes that have a significant impact on the protocol's security, stability. It is controlled by the HighSec TechOps multisig which has a 4/7 threshold and is made up of the core development team and back-up signers from BALCO, ensuring that major decisions are made with due diligence and the highest security.

  • Low Security Timelock: With a shorter delay of 2 days, this timelock is intended for more routine or less critical updates. It allows the protocol to remain agile and responsive to the needs of the ecosystem without compromising on security. It is controlled by the LowSec TechOps multisig, made up of the same signers as its HighSec but with a 3/7 threshold in favor of a higher agility.

  • Treasury Timelock: Governed by the Badger Treasury Council through the Treasury Vault multisig, it controls any changes to the value of the Protocol Yield Share (PYS). Its delay time is also 2 days, ensuring safety and agility around changes to this parameter.


All timelocks govern themselves, meaning that any changes to their configuration, such as adjusting the delay period or modifying their permissioned actors list, must pass through the timelock process itself. This self-governance model adds an additional layer of security and transparency, ensuring that any modifications to the governance mechanism are subjected to the same scrutiny and delay as other protocol changes.

Last updated