ENS & contract address designation

Hey all,

I’m trying to think through how to prevent miso launch attack (contractor changed contract address before deployment) for my project.

I’ve been reading through ENS docs. It seems like using ENS as my canonical contract address source is a no brainer. My project already uses ethers.js, so integration should be painless.
Has anyone done this, what are the gotchas?

I also want to go a bit deeper. I want to automate my contract deployment. During contract deployment, I want my ENS controller to receive contract address update requests, and I want a multisig to approve the update. Is this pie in the sky nuts?