Plan and execute a v2 contract upgrade that removes direct admin timelock bypasses #293

@Mosas2000

Summary

The deployed mainnet contract still exposes direct admin functions that bypass the timelock. This is documented in docs/TIMELOCK-BYPASS-AUDIT.md as a known limitation and currently mitigated only through frontend restrictions, monitoring, and operational policy.

Why this matters

For a project positioned as production-grade, governance guarantees should exist on-chain rather than primarily in frontend policy. Leaving bypass paths in place weakens the story around decentralization, user trust, and safe operations.

Proposed work

  • Finalize the v2 contract design that removes direct fee and pause bypass functions.
  • Preserve or improve the current timelocked governance flow.
  • Define a migration plan for ownership, frontend contract references, analytics continuity, and user communication.
  • Document rollout, cutover, and rollback procedures.

Acceptance criteria

  • A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- A- er, and user-facing communication.
  • The new design is tested on simnet with governance scenarios.
  • Upgrade documentation is complete enough for a production rehearsal.
