Security and Governance | EZManager Docs

Governance model

Deployment wires owner authority to a TimelockController (configured with a 2 day minimum delay), with a multisig as proposer/executor.

CLCore, CLManager, adapters, valuation, and planner ownership are transferred to timelock-controlled governance.

Role	Authority
Timelock governance (owner)	Executes owner-only configuration changes across CLCore, CLManager, adapters, valuation, and planner.
Guardian (multisig)	Can pause and unpause CLCore, CLManager, and adapters for incident containment.
Position owner	Controls position-level actions and per-position bot permission toggles.
Allowlisted bot	Can execute bot-enabled actions only when globally allowlisted and position-enabled.

Area	Owner-controlled settings
Pool allowlist and lifecycle	setPoolStatus controls Allowed, Deprecated, and NotAllowed status for each pool.
DEX adapter allowlist	addAllowedDex and removeAllowedDex control which adapters are usable.
Bot allowlist and fees	addBot/removeBot, setProtocolFeeBps, setBotFeeBps, and zero-fee wallet configuration.
Core wiring	setManager, setValuation, setProtocolReserve, and setBridgeTokens.
Manager safeguards	Minimum open USDC, max batch keys, second-pass parameters, planner and valuation addresses.

Control	Behavior
Pause control	Guardian pause blocks normal lifecycle execution paths while incident response is active.
Execution gating	Lifecycle actions are guarded by contract pause checks and allowlist checks.
Recovery behavior	Emergency recovery flows are documented in Emergency Response and Recovery.

Use Contract Addresses for current timelock, core, manager, and adapter addresses.

Use Allowed Pools for current pool status context and monitor on-chain contract events for configuration and lifecycle changes.