Timelock

Security Updated Jul 2026

What is a Timelock?

A timelock is a smart contract pattern that introduces a mandatory delay between when a privileged action is proposed and when it executes. For example, a protocol might require a 48-hour timelock on all admin actions — meaning users have 48 hours to withdraw their funds before any change takes effect.

Timelocks are a critical security feature in DeFi. Without one, a malicious developer or compromised admin key could instantly drain a protocol’s funds or change its rules.

How Timelocks Work

  1. An authorized party (governance, multisig, admin) proposes an action
  2. The action is queued in the timelock contract with a delay period
  3. After the delay period passes, the action can be executed
  4. Users can see the queued action on-chain and react accordingly

Example

A DeFi lending protocol has a 48-hour timelock on all admin functions:

  • Day 0: Governance proposes adding a new collateral type
  • Day 0-2: Users can review the proposal and its impact
  • Day 2: If the proposal is benign, it executes. If it’s malicious, users had 48 hours to withdraw

Why Timelocks Matter

Without TimelockWith Timelock
Admin can drain funds instantlyUsers have time to withdraw before changes
Malicious upgrades happen without warningCommunity can detect and respond to hostile takeovers
Rug pulls are instantUsers see the exit coming and can leave

Common Timelock Patterns

Governance Timelock

Protocol governance (token voting) proposes changes → timelock delay → execution. Standard delay: 24-72 hours.

Admin Timelock

A multisig or admin key proposes changes → timelock delay → execution. Used for emergency parameter changes.

Gradient Timelock

Different actions have different delays. Routine parameter changes: 24 hours. Critical changes (contract upgrades): 7 days.

How to Check for Timelocks

Before depositing funds in a DeFi protocol:

  1. Check if the protocol’s admin functions go through a timelock
  2. Verify the timelock delay length (24h minimum, 48-72h recommended)
  3. Check who can queue actions (governance, multisig, single admin)
  4. Look for timelock contracts on the protocol’s docs or etherscan labels

Frequently Asked Questions

Q: What’s a good timelock duration? A: 24 hours minimum for routine changes. 48-72 hours for parameter changes. 7+ days for contract upgrades. The longer the timelock, the more time users have to react — but slower emergency response.

Q: Can a timelock be cancelled? A: Yes, in most implementations. The proposer or governance can cancel a queued action before it executes. This is useful for fixing mistakes or reversing decisions after further discussion.

Q: Does a timelock protect against all rug pulls? A: Not entirely. A timelock protects against instant admin drains. But if users don’t monitor the timelock queue (or don’t understand the implications of a proposed change), they may not react in time. Timelocks require informed users to be effective.