# Access Control ### TLDR In our smart contracts, we made some architectural decisions to reduce our smart contract risks and access control risks: * The Admin/Multisig does not have access to the principal * The Admin/Multisig can not permanently freeze funds. * The contracts are not upgradeable (No malicious upgradability can happen) * You can leave the position at any point in time * The Multisig/Admin only has access to the **weekly yield.** This represents less than 1% of the TVL * The withdrawal fee can change up to a 10% cap (No malicious attack on fees) Below we will dive deep into the privileges of each role: ### VaultController Multisig 2/3: This role is responsible for the functions `endRound` and `startRound.`During the `endRound` phase, other addresses can not perform deposit or withdrawal actions until the `startRound` function is called. In order to avoid the risk of principal funds getting stuck, after a week (\~604800 blocks) any address can call the startRound function, enabling withdrawals again. ### ConfigurationManager Owner Multisig 2/3: This role is responsible for setting the: * VaultController of a certain vault * Withdraw fee ratio of a certain vault (cap at 10% by the code) * Migration contract of a certain vault (in case of migration) * Cap of a certain vault ### Investor Multisig 2/3: This role is the one responsible for using 50& of the weekly yield to buy options at the best price. This could be an off-chain exchange, L2 trade, or OTC. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pods.finance/security/access-control.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.