Any particular reason this code is copy/pasted instead of inheriting from DSProxy? We are going to give DSProxy some love soon and I see potential trouble if we make separate changes

Also this !! https://github.com/dapphub/ds-delay
We can just deprecate it but have a look first, never hurts to compare

Any particular reason this code is copy/pasted instead of inheriting from DSProxy?

I've also been thinking about doing this.

Originally this contract was using the newer rely/deny memes for auth so wasn't compatible with ds-proxy, but I've since switched back over to ds-auth to allow for easier integration with ds-chief, so that's no longer a consideration.

I think that I would probably prefer to use solidity delegatecall instead of pulling in all of ds-proxy (mostly for simplicity & readability), but hevm does not correctly implement the delegatecall gas semantics atm and there certainly isn't unanimous support for this approach anyway (discussion here).

Finally as a general point I think we are trying to avoid inheritance in our newer contracts (both for readability & ease of formal verification).

Also this !! https://github.com/dapphub/ds-delay
We can just deprecate it but have a look first, never hurts to compare

Yes, I've seen and read over both ds-delay (this was my first choice name 😁) and ds-clock.

After chatting about scope with rune and rain, I'm happy to call this version 1 and get this done as straightforwardly as possible. We can leave ds-delay for a future version when we solve Proxy and its family (including Async)

Ideally pause would be implemented with something like

function exec(bytes32 id) {
    require( now >= timers[id] );
    super.exec(id);
}

Old plan signature defaults to 0 timer argument (no pause - executable immediately). New plan overload gets +1 arg for timer.

The pause is intended as a component in the dss governance system. The delay is important in the scenario where a malicious governance action makes it through MKR voting, as it gives DAI / CDP holders time to exit the system, or honest MKR holders time to trigger emergency shutdown.

If we allow MKR holders to execute plans immediately we allow them to bypass this layer of defense.

Regarding inheriting from DSProxy, I'm not opposed to the idea but I'm actually leaning towards replacing delegatecall with call (it's weird to allow exec to modify internal storage).

Even if we stick with delegatecall I also worry that inheriting from DSProxy would make formal verification much harder.

@nmushegian I think that the changes in #21 mean that we cannot inherit from ds-proxy.

I would either replace this assembly block with the delegatecall from solidity, or pull this ds-proxy implementation out into it's own mixin if it is preferred.

Pls discuss further on #9 🙏 🙂