Educational Piece about Timelocks and Rugpulls
Rugpulls: one of the most proliferous types of scams seen throughout DeFi in 2021. What is a rugpull? A rug pull is effectively the founders of a project pulling the rug out from under their investors by stealing the tokens used for staking, liquidity mining, yield farming, etc. and lining their pockets with the investors’ money.
As this type of scam has become more widespread, projects have adopted some mechanisms to reassure their communities that they won’t do this. One of these methods is known as a timelock.
What is a timelock?
A timelock is a piece of code that locks a certain functionality of a smart contract until a specific amount of time has passed. Most often, this is the ability to transfer a token out of the contract. This makes it similar to a vesting schedule — funds won’t be accessible until a certain date, time, or block height.
Timelocks have been used by many project owners to demonstrate their commitment to the ongoing health of their platform.
In light of the numerous hacks, scams, and rugpulls across various DeFi platforms, timelocks are one indicator that a project is legitimate.
A timelock is similar to an employer’s 401k matching program that only pays out the full benefits if an employee stays with the company for a certain time, or stock options in an annual bonus that take a few years to fully vest.
However, timelocks or vesting schedules are not a completely failsafe method of protecting your assets.
Who uses timelocks?
SushiSwap is one high-profile DeFi platform that used a timelock to restore the shaken confidence of its investors. After the dramatic first few weeks of its existence — during which the platform’s creator Chef Nomi sold all of his tokens and dumped the price of $SUSHI by 99% — the SushiSwap community voted to lock two-thirds of newly minted liquidity provider rewards for six months. This gave the project the time it needed to re-establish itself as one of the leading DEXs.
Source: DeFi Llama
Pancake Swap is another project that makes use of a timelock, though in a slightly different way. The Pancake Swap developers set up a timelock contract that means every change in the protocol must be announced and broadcast to the network for six hours before it goes live. This gives the community time to react to changes and prepare accordingly.
It also gives those who are closely watching new developments the opportunity to jump into a new pool and earn the high returns that are on offer in the first few days of its existence. Traders and liquidity providers who want to be the first in a new pool can monitor this timelocked governance contract and be ready as soon as it goes live.
This requires a relatively high level of technical knowledge, though, or at least enough to know that this contract means that a UNI-BNB pool is about to open up.
How can I monitor timelocks?
UnRekt.net has a list of timelocked projects along with their contract addresses. If you take a look at the contract on Etherscan or BSCscan, you’ll be able to monitor every transaction that occurs on that address.
You can also set up alerts using either of these blockchain explorers. This will allow you to receive an email as soon as any transaction is confirmed on a contract address, whether it’s timelocked funds being transferred or a governance contract announcing new developments six hours before they go live.
Check out Ethscan’s tutorial on how to set up email notifications if it’s your first time doing so.
While a properly-coded timelock will effectively prevent the transfer of tokens stored within it, there are still a number of ways these contracts can be exploited, misused or bypassed.
A timelock contract is controlled by the platform’s administrator contract, called the Governor. This Governor contract can be controlled by a single admin, a mutli-sig setup, or a DAO (decentralized autonomous organization). This distinction is important, as whoever has controlling power over the timelock can submit whichever transactions they like to it, or exploit it if it is purposefully designed to be vulnerable.
A timelock contract doesn’t stop transactions from being confirmed, it merely broadcasts their coming confirmation to the network before it actually happens. For this reason, a malicious Governor could put through a transaction draining the protocol of its funds. If no one were watching the contract, there’d be no time for users to withdraw their assets before the rugpull occurred.
For an in-depth look at how timelocks can be bypassed — not so much exploited — take a look at OpenZeppelin’s explainer. It goes through the steps necessary to transfer the future ownership of tokens locked in a timelocked smart contract.
An imperfect solution
Timelocks have their benefits. A properly coded contract with no influence from a malicious Governor will by design keep assets locked up for the defined amount of time.
However, a timelock should not be seen as definitive proof that a project is legitimate and will not (or cannot) rugpull. There are ways to sell future ownership of timelocked tokens, and unmonitored timelocks are as good as no timelock at all. An administrator can also deploy a new contract or update an existing one (even one that’s been audited) that gives them the power to transfer funds that were previously timelocked.
Token timelocks can be a good indication of a project’s legitimacy, but they’re not a concrete indicator that a rugpull isn’t on the cards. As always, it’s best to do your own due diligence before committing funds to an untested platform.