What is a Timelock?
A timelock is a smart contract pattern that introduces a mandatory delay between when a privileged action is proposed and when it executes. For example, a protocol might require a 48-hour timelock on all admin actions — meaning users have 48 hours to withdraw their funds before any change takes effect.
Timelocks are a critical security feature in DeFi. Without one, a malicious developer or compromised admin key could instantly drain a protocol’s funds or change its rules.
How Timelocks Work
- An authorized party (governance, multisig, admin) proposes an action
- The action is queued in the timelock contract with a delay period
- After the delay period passes, the action can be executed
- Users can see the queued action on-chain and react accordingly
Example
A DeFi lending protocol has a 48-hour timelock on all admin functions:
- Day 0: Governance proposes adding a new collateral type
- Day 0-2: Users can review the proposal and its impact
- Day 2: If the proposal is benign, it executes. If it’s malicious, users had 48 hours to withdraw
Why Timelocks Matter
| Without Timelock | With Timelock |
|---|---|
| Admin can drain funds instantly | Users have time to withdraw before changes |
| Malicious upgrades happen without warning | Community can detect and respond to hostile takeovers |
| Rug pulls are instant | Users see the exit coming and can leave |
Common Timelock Patterns
Governance Timelock
Protocol governance (token voting) proposes changes → timelock delay → execution. Standard delay: 24-72 hours.
Admin Timelock
A multisig or admin key proposes changes → timelock delay → execution. Used for emergency parameter changes.
Gradient Timelock
Different actions have different delays. Routine parameter changes: 24 hours. Critical changes (contract upgrades): 7 days.
How to Check for Timelocks
Before depositing funds in a DeFi protocol:
- Check if the protocol’s admin functions go through a timelock
- Verify the timelock delay length (24h minimum, 48-72h recommended)
- Check who can queue actions (governance, multisig, single admin)
- Look for timelock contracts on the protocol’s docs or etherscan labels
Frequently Asked Questions
Q: What’s a good timelock duration? A: 24 hours minimum for routine changes. 48-72 hours for parameter changes. 7+ days for contract upgrades. The longer the timelock, the more time users have to react — but slower emergency response.
Q: Can a timelock be cancelled? A: Yes, in most implementations. The proposer or governance can cancel a queued action before it executes. This is useful for fixing mistakes or reversing decisions after further discussion.
Q: Does a timelock protect against all rug pulls? A: Not entirely. A timelock protects against instant admin drains. But if users don’t monitor the timelock queue (or don’t understand the implications of a proposed change), they may not react in time. Timelocks require informed users to be effective.