The README notes:
Internal audit pass shipped 2026-05-07 (1 HIGH feeToSetter two-step rotation patched in source for v2 redeploys; deployed factory unaffected)
This issue tracks the patch landing in source + getting deployed when a v2 factory is cut. Currently the source presumably has a single-step setFeeToSetter() that transfers admin atomically (canonical UniV2 behavior). Two-step rotation = pending-admin pattern (OpenZeppelin Ownable2Step style).
Why
Single-step rotation is a one-mistake-loses-the-protocol risk. Two-step requires the new admin to explicitly acceptOwnership() before the rotation completes, preventing accidental rotation to a non-controlled address.
Scope
- Refactor SentrixV2Factory.feeToSetter to two-step pattern
- Add tests for the pattern (cancel mid-flight, double-call safety, only-pending-admin can accept)
- Document the change for any consumer who polls feeToSetter
Out of scope
- Rotating the live mainnet factory's admin — that's a separate operator decision
- Migrating existing pools to a new factory
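
The pending-admin pattern described above, as an added example that is not the SentrixV2Factory source: `TwoStepFeeToSetter`, `pendingFeeToSetter`, `acceptFeeToSetter` and the event and error names are assumptions. It shows the three behaviours listed under Scope (cancel mid-flight, double-call safety, only the pending admin can accept).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only, not SentrixV2Factory source.
// pendingFeeToSetter, acceptFeeToSetter, the events and the errors are assumed names.
contract TwoStepFeeToSetter {
    address public feeToSetter;
    address public pendingFeeToSetter;

    event FeeToSetterTransferStarted(address indexed current, address indexed pending);
    event FeeToSetterTransferred(address indexed previous, address indexed current);

    error NotFeeToSetter();
    error NotPendingFeeToSetter();

    constructor(address initialSetter) {
        feeToSetter = initialSetter;
    }

    // Step 1: the current admin nominates a successor. Control does not move yet.
    // Calling again overwrites the nomination; passing address(0) cancels it.
    function setFeeToSetter(address nominee) external {
        if (msg.sender != feeToSetter) revert NotFeeToSetter();
        pendingFeeToSetter = nominee;
        emit FeeToSetterTransferStarted(feeToSetter, nominee);
    }

    // Step 2: only the nominee can complete the rotation, which proves that
    // someone can actually send transactions from the nominated address.
    function acceptFeeToSetter() external {
        // After a cancel, pending is address(0), which can never be msg.sender.
        if (msg.sender != pendingFeeToSetter) revert NotPendingFeeToSetter();
        address previous = feeToSetter;
        feeToSetter = msg.sender;
        delete pendingFeeToSetter; // a repeated accept call now reverts
        emit FeeToSetterTransferred(previous, msg.sender);
    }
}
```

Consumers that poll `feeToSetter` see no change until the accept call lands, so monitoring should watch the pending slot or the start event to learn about a rotation in progress.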