Change admin role allocation in TimelockControler constructor (OpenZe…

…ppelin#3722) Co-authored-by: Francisco <frangio.1@gmail.com>
JulissaDantes · Nov 4, 2022 · 3281d9c · 3281d9c
1 parent c98490e
commit 3281d9c
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/1 b/1
@@ -0,0 +1,21 @@
+Ignore specific warnings and make the rest into errors (#3695)
+
+# Please enter the commit message for your changes. Lines starting
+# with '#' will be ignored, and an empty message aborts the commit.
+#
+# Author:    Francisco <frangio.1@gmail.com>
+#
+# interactive rebase in progress; onto 6ff283be
+# Last commands done (39 commands done):
+#    pick fcc4105a Update ReentrancyGuard documentation (#3715)
+#    pick 2034a3e1 Ignore specific warnings and make the rest into errors (#3695)
+# Next commands to do (41 remaining commands):
+#    pick 6f34c1dd Fix fuzzing coverage (#3716)
+#    pick 5756a8a7 Improve `ERC20FlashMint` documentation (#3719)
+# You are currently rebasing branch 'timelock-roles' on '6ff283be'.
+#
+# Changes to be committed:
+#	new file:   contracts/mocks/ERC721ConsecutiveEnumerableMock.unreachable.sol
+#	modified:   contracts/token/ERC721/extensions/ERC721Enumerable.sol
+#	modified:   package-lock.json
+#
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -63,6 +63,8 @@
 
  * `ERC4626`: Conversion from shares to assets (and vice-versa) in an empty vault used to consider the possible mismatch between the underlying asset's and the vault's decimals. This initial conversion rate is now set to 1-to-1 irrespective of decimals, which are meant for usability purposes only. The vault now uses the assets decimals by default, so off-chain the numbers should appear the same. Developers overriding the vault decimals to a value that does not match the underlying asset may want to override the `_initialConvertToShares` and `_initialConvertToAssets` to replicate the previous behavior.
 
+ * `TimelockController`: During deployment, the TimelockController used to grant the `TIMELOCK_ADMIN_ROLE` to the deployer and to the timelock itself. The deployer was then expected to renounce this role once configuration of the timelock is over. Failing to renounce that role allows the deployer to change the timelock permissions (but not to bypass the delay for any time-locked actions). The role is no longer given to the deployer by default. A new parameter `admin` can be set to a non-zero address to grant the admin role during construction (to the deployer or any other address). Just like previously, this admin role should be renounced after configuration. If this param is given `address(0)`, the role is not allocated and doesn't need to be revoked. In any case, the timelock itself continues to have this role.
+
 ### Deprecations
 
  * `EIP712`: Added the file `EIP712.sol` and deprecated `draft-EIP712.sol` since the EIP is no longer a Draft. Developers are encouraged to update their imports. ([#3621](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3621))