Trusted actors who have privileged roles with capabilities to deploy contracts, change critical parameters, pause/unpause system, trigger emergency shutdown, withdraw/transfer/drain funds and allow/deny other actors should be addresses controlled by multiple, independent, mutually distrusting entities.
They should not be controlled by private keys of EOAs but with Multisigs with a high threshold (e.g. 5-of-7, 9-of-11) and eventually by a DAO of token holders. EOA has a single point of failure.
- Privileged Roles/Actions
- Deploy/Modify/Pause/Shutdown/Withdraw/Whitelist
- EOA Vs MultiSig
- EOA -> Single Point of Failure
- MultiSig -> Privilege Separation