Tetu has a central governance contract - Controller under control of MultiSig Wallet with public signers.
However, for reducing EOA effect we implement different levels of access to our contracts.
We have 48h time lock for any actions on this layer.
Protection logic implemented in a special contract - Announcer
Announcer contains scheduling for time-locked operations.
For each function announce call twice forbidden.
Function types under time-lock control:
Any contract address changes in Controller
Any ratio changes (currently Profit Sharing and Fund ratios)
Any token movements from contracts to MultiSig Wallet
TETU mint operation
Proxy contract upgrades
Strategy change for a vault
The only controller has access to this type of function and can call it only after the time-lock period.
On this layer, we will not use time-lock for the reason of not critical functionality or urgent actions.
Controller or Governance can call it immediately:
Remove vaults or strategies from the registered lists
Add/remove Reward Distributor addresses
Add/remove HardWorker addresses
Add/remove from Whitelist
Register Vault/Strategy
Set conversation path for rewards
Emergency exit from external project and pause investing
Continue investing
Move money from strategy to vault
Invest money from strategy to external project
Only MintHelper has access to our TETU token contract and this address is unchangeable.
Setup Dev Funds addresses and ratios for next mints
Change activity status
Deactivated vault can't do HardWork and accept Deposits. Withdraw allowed.
Call DoHardWork
Add/Remove reward tokens
Rebalance vault (withdraw all from strategy to vault and invest again)
Withdraw all from strategy to Vault
Move tokens from LiquidityBalancer to Controller contract
Set target Price/TVL
Set Router
Set Targets' Update ratios
Disperse weekly emission
Move tokens from NotifyHelper to Controller
Add worker or change the worker wallet address
Change any worker settings except worked hours
Pay salary
Set Price Calculator address
Move tokens from PayrollClerk to Controller
Change any settings
Any actions allowed for HardWorker/Distributor also allowed for Controller and Governance
Allowed:
DoHardWork for HardWorker
Call LiquidityBalancer for HardWorker
Disperse rewards for vaults for Reward Distributor