Hey! MixBytes team here
Recently, 4 security researchers reviewed the specification for the changes made to the Easy Track EVM Factories. These changes introduce the management of the MEV Boost Relay Allowed List contract, enabling the creation of motions to add, remove, and edit relays in the Allow List through the EasyTrack contract.
The description of the EVMScript Factory calldata checks is sufficient and ensures compatibility, meaning it won’t cause any disruptions. Additionally, all the newly introduced function interfaces are correct.
We reviewed the pull request introducing AddMEVBoostRelays.sol, RemoveMEVBoostRelays.sol, and EditMEVBoostRelays.sol contracts to gain a deeper understanding of the changes. However, we did not conduct a full audit on these contracts; it was more of an architectural overview.
All operations previously performed by the RMC committee on the Relays Allow List will now be executed through Easy Track motions, maintaining full functionality without any limitations.
We also examined the proposal to extend the On-Chain Voting Duration, which could theoretically allow Easy Track to front-run an ongoing DAO vote, as the Lido Agent Multisig is kept as the owner of the MEVBoostRelayAllowedList.vy contract. However, since Easy Track motions can only be initiated by trusted callers and there is an Emergency Brakes Multisig capable of pausing Easy Track, this does not pose any security risks.