While security affects all of software development, it is particularly important for smart contracts. Anyone can send a transaction directly to your contracts with any payload, and all of your contract code and state are publicly accessible.
Security is a primary concern at all stages of development. This means that **security is not something we sprinkle on top of a project, but a guiding principle from day one**.
When working with private keys, follow the procedure outlined in our Security Policy. We take every precaution to protect the keys of the accounts we use to deploy and interact with our contracts and network. Users should consider using a hardware wallet where appropriate, and keep backups in secure, offline storage.
Additionally, we have defined certain accounts with special privileges in our system, and have taken extra care to secure them.
An admin (short for administrator) account is one that has special privileges in our system. For example, an admin may have the power to pause a contract.
To secure admin accounts we use a special contract, such as a multisig, instead of a regular externally owned account. A multisig is a contract that can execute any action, as long as a predefined number of trusted members agree to it. Gnosis Safe is one of the systems we use to manage admin keys.
A special administrator account is the one with the power to upgrade other contracts. This defaults to the externally owned account used to deploy the contracts. Since that key can replace the logic of every upgradeable contract, it should be moved to a multisig like any other admin account rather than left on the deployer's key.
NOTE: In a standard OpenZeppelin project, all proxies are actually managed by a central ownership contract named the ProxyAdmin, which is in turn owned by the deploying account. Running `set-admin` on all instances changes the owner of the ProxyAdmin in a single atomic transaction. Alternatively, you can change the admin of individual proxies.
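The following is an added example, not code from this project or from OpenZeppelin, that illustrates both the multisig idea above and the ProxyAdmin hand-off in the note: a minimal M-of-N multisig (`SimpleMultisig`) that can execute arbitrary calls once a threshold of signers has confirmed them, and, in the comments at the bottom, the flow by which the deploying key gives up ownership of the ProxyAdmin to that multisig so that future upgrades require a quorum. `IProxyAdmin` is declared locally so the file compiles without the OpenZeppelin package; its `upgrade` signature is the OpenZeppelin Contracts v4 one (assumed here; v5 exposes `upgradeAndCall` instead), while `transferOwnership` comes from `Ownable` in every version. All contract and variable names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Local interface for the OpenZeppelin ProxyAdmin calls used in the comments
/// below (assumed v4 signatures; declared here so no external package is needed).
interface IProxyAdmin {
    function transferOwnership(address newOwner) external;
    function upgrade(address proxy, address implementation) external;
}

/// Minimal threshold multisig: any signer may propose a call, and it can only be
/// executed once at least `threshold` distinct signers have confirmed it.
contract SimpleMultisig {
    struct Proposal {
        address to;            // target contract, e.g. the ProxyAdmin
        uint256 value;         // ETH to forward with the call
        bytes data;            // ABI-encoded calldata
        bool executed;
        uint256 confirmations; // number of distinct signer confirmations
    }

    address[] public owners;
    mapping(address => bool) public isOwner;
    uint256 public immutable threshold;
    Proposal[] public proposals;
    mapping(uint256 => mapping(address => bool)) public confirmed;

    event Submitted(uint256 indexed id, address indexed to, uint256 value, bytes data);
    event Confirmed(uint256 indexed id, address indexed owner);
    event Executed(uint256 indexed id);

    modifier onlyOwner() {
        require(isOwner[msg.sender], "not an owner");
        _;
    }

    constructor(address[] memory _owners, uint256 _threshold) {
        require(_owners.length > 0, "no owners");
        // A threshold of 1 is no stronger than a single EOA; pick M > 1 in practice.
        require(_threshold > 0 && _threshold <= _owners.length, "bad threshold");
        for (uint256 i = 0; i < _owners.length; i++) {
            address o = _owners[i];
            require(o != address(0) && !isOwner[o], "invalid or duplicate owner");
            isOwner[o] = true;
            owners.push(o);
        }
        threshold = _threshold;
    }

    receive() external payable {}

    /// Propose a call. The proposer's confirmation is counted immediately.
    function submit(address to, uint256 value, bytes calldata data)
        external
        onlyOwner
        returns (uint256 id)
    {
        id = proposals.length;
        proposals.push(Proposal({to: to, value: value, data: data, executed: false, confirmations: 0}));
        emit Submitted(id, to, value, data);
        _confirm(id);
    }

    function confirm(uint256 id) external onlyOwner {
        _confirm(id);
    }

    function _confirm(uint256 id) internal {
        require(id < proposals.length, "unknown proposal");
        require(!proposals[id].executed, "already executed");
        require(!confirmed[id][msg.sender], "already confirmed");
        confirmed[id][msg.sender] = true;
        proposals[id].confirmations += 1;
        emit Confirmed(id, msg.sender);
    }

    /// Execute once the quorum is reached. State is updated before the external
    /// call so a re-entering target cannot execute the same proposal twice.
    function execute(uint256 id) external onlyOwner {
        require(id < proposals.length, "unknown proposal");
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        require(p.confirmations >= threshold, "not enough confirmations");
        p.executed = true;
        (bool ok, ) = p.to.call{value: p.value}(p.data);
        require(ok, "call failed");
        emit Executed(id);
    }
}

// Hand-off flow (assumed names; steps performed by a deployment script):
// 1. Deploy SimpleMultisig(signers, 2) for a 2-of-3 quorum.
// 2. From the deploying EOA, which currently owns the ProxyAdmin:
//      proxyAdmin.transferOwnership(address(multisig));
//    From this point the EOA alone can no longer upgrade any proxy.
// 3. A later upgrade is proposed through the multisig by one signer:
//      bytes memory data = abi.encodeCall(IProxyAdmin.upgrade, (proxy, newImpl));
//      uint256 id = multisig.submit(address(proxyAdmin), 0, data);
//    a second signer calls multisig.confirm(id), and any signer then calls
//    multisig.execute(id), which makes the ProxyAdmin perform the upgrade.
```

Two checks worth doing after the hand-off: call `proxyAdmin.owner()` and confirm it returns the multisig address and not the deployer, and try an upgrade directly from the deployer key, which must now revert. The ordering in `execute` (mark executed, then call) is what prevents a malicious or buggy target from re-entering and replaying the same approved proposal.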