Always revert when there is a value already pending

[MathisGD]

https://morpholabs.slack.com/archives/C02N7CSP91C/p1702634824993509

Fixes #221

[Rubilmax]

This design relies on the fact the pending value is deleted every time a value is set

[Jean-Grimal]

The natspec should be updated

[Rubilmax]

Pointing out that being consistent with #348 requires to revert in submitMarketRemoval and submitCap

[Jean-Grimal]

A test on submitting a guardian while there is already a pending guardian should be added

[MerlinEgalite]

I still think the naming change was not necessary

[MerlinEgalite]

@MathisGD can you revert back the naming and fix the conflicts please?

[StErMi]

Before, you could have a pending value (decrease of timelock) that could have been deleted by another submitTimelock that set the new timelock to a new one (higher timelock)

Now you won't be able to do that, and you are forced to wait for the timelock to expire or revoke it and call it again.

The same goes for submitting an even lower timelock when one pending timelock was already submitted.

Is this the intended new behavior?

[MerlinEgalite]

yes we enforce to revoke every pending values before submitting a new one.

[StErMi]

I think that this is a welcome check because the removal of a market is a very strong operation that also has a timelock that is different compared to the cap timelock (and previously they were non correlated within the logic). Now if a market is marked as "to-be-removed" such operation has the priority and will lock any changes to the cap.

Now as soon as a market is marked as to-be-removed, there's no way to re-enable the cap (that is already set to zero) unless you explicitly call revokePendingMarketRemoval

[StErMi]

Like for the submitTimelock, this new check brings some side effects. Unless you revoke the previous pending proposal, or you wait for the timelock + accept it, you cannot

• create a new proposal
• insta-change the supply cap (when the new cap is lower)

In general, you are giving much more priority and power to the pending proposals. Is this the intended behavior?

[MerlinEgalite]

yes it is. What we'll do is that in the frontend we can leverage the multicall functionality to bundle a revoke + submit in a single tx to perform the required actions.

[StErMi]

Would you mind confirming the logic of the behavior? Because otherwise, I'm trying to reverse engineering it and could arrive at the wrong conclusion.

The new logic allows the submission of a change to the

• timelock
• guardian
• supply
• market removal

Only if there's no direct or indirect pending proposal currently in action.

To be more clear

• direct: you can't submit a cap proposal if there's already one
• indirect: you can't submit a cap proposal if there's a pending market removal proposal

Moreover, there are some "custom" requirements (that still need to be documented), like for example

• you can't require a market removal if the cap is not already set to zero. In general, you don't want to execute implicit logic, but the state must be already "ready" to perform the action once the timelock has ended.

Would you mind confirming or detailing more/correct my recap?

[StErMi]

Giving the immutable nature of MM (you can't upgrade and change the logic) it could make sense to create utility contracts to manage it.

Like for example an external contract (with the owner or curator role) that perform all the actions needed to be able to execute MM.submitMarketRemoval

• if the cap is not 0 and there's a pending proposal, revoke it and set it to zero
• call the submitMarketRemoval

[MerlinEgalite]

I confirm your first comment. We wanted submit*, revoke* and accept* functions to be single purpose functions with less side effects than previously.

For the second comment, the vault inherits from Multicall which allows to extract that logic offchain, so what you proposed will be done in Morpho Blue's frontend. Nonetheless, some vault curators are likely to write their own logic but we won't write it ourselves.