💬 Want to contribute? Join us on Telegram: https://t.me/+DOylgFv1jyJlNzM0
Problem
Proposals in the MultisigGovernance contract never expire. Once created, a proposal can be finalized at any time in the future regardless of how old it is. This means:
- Old proposals with enough approvals can be executed years later
- No way to clean up stale proposals
- A compromised signer key could approve old dormant proposals
Expected Behavior
Proposals should have a configurable expiry window. After the expiry:
- The proposal cannot be approved or finalized
- Anyone should be able to call a
cancel_expired_proposal(proposal_id) function to clean it up
- The expiry window should be configurable by admin (e.g. 30 days worth of ledgers)
Suggested Fix
In contracts/multisig_governance/src/lib.rs:
- Add an
expires_at field to the Proposal struct (set to current_ledger + expiry_window on creation)
- In
approve_proposal() and finalize_proposal(), check current_ledger <= proposal.expires_at
- Add a
cancel_expired_proposal(proposal_id) function
- Add an
expiry_window config stored in instance storage, settable by admin
Location
contracts/multisig_governance/src/lib.rs
Problem
Proposals in the MultisigGovernance contract never expire. Once created, a proposal can be finalized at any time in the future regardless of how old it is. This means:
Expected Behavior
Proposals should have a configurable expiry window. After the expiry:
cancel_expired_proposal(proposal_id)function to clean it upSuggested Fix
In
contracts/multisig_governance/src/lib.rs:expires_atfield to theProposalstruct (set tocurrent_ledger + expiry_windowon creation)approve_proposal()andfinalize_proposal(), checkcurrent_ledger <= proposal.expires_atcancel_expired_proposal(proposal_id)functionexpiry_windowconfig stored in instance storage, settable by adminLocation
contracts/multisig_governance/src/lib.rs