Certora team security review
Certora confirms that this migration is safe and restores proper upgradeability of the CoreGhoDirectMinter.
- We confirm the issue with the redundant ProxyAdmin ownership in the old facilitator, which prevented upgrades but did not pose any direct security risk.
- The migration payload correctly transfers the facilitator’s GHO balances, bucket capacity, and roles to the new instance in an atomic way, ensuring no window for inconsistent state or supply.
- Permissions are updated as expected: the new facilitator is correctly integrated with the
GovernanceV3Ethereum.EXECUTOR_LVL_1as admin, restoring the DAO’s ability to perform future upgrades. - As the Direct Minter is an internal DAO component, the change has no impact on end users or the GHO market.
Overall, we consider the proposal safe, well-implemented, and supportive of long-term protocol maintainability.