F-2023-0006 · centralization-risk

The owner is a single point of failure and a centralization risk

TL;DR

A single EOA owns 16 privileged functions with no timelock or multisig, so a stolen or lost key can compromise the entire contract.

Severity: MEDIUM
Impact: HIGH
Likelihood: LOW
Method: Manual review
Complexity: LOW
Exploitability: MEDIUM

Description

Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure.

A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Consider changing to a multi-signature setup, or having a role-based authorization model.

Impact

owner() is not behind a multisig and changes are not behind a timelock.

Even if protocol admins and developers are not malicious, the owner key can still be stolen. In that case, the attacker can cause serious damage to the project, because the owner controls important functions. There are 16 instances of this issue across the project.

Recommendation

Add a time lock to critical functions. Admin-only functions that change critical parameters should emit events and have timelocks.

Allow only multi-signature wallets to call the function to reduce the likelihood of an attack. See this discussion for examples.

Also, describe these privileged functions in the documentation and NatSpec comments.
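The recommendation above, sketched as an added example that is not code from the audited project: one owner-only parameter change that is queued, announced by an event, and executable only after a delay, with NatSpec on each privileged function. The contract name, the `fee` parameter, the 2-day `DELAY` and the constructor check on the owner address are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @title TimelockedFee (hypothetical example, not the audited code)
/// @notice Owner-only parameter change that is queued, announced by an event,
///         and executable only after a fixed delay.
contract TimelockedFee {
    uint256 public constant DELAY = 2 days; // assumed value

    address public immutable owner; // expected to be a multisig contract
    uint256 public fee;             // hypothetical critical parameter
    uint256 public pendingFee;
    uint256 public pendingEta;      // 0 means nothing is queued

    event FeeChangeQueued(uint256 newFee, uint256 eta);
    event FeeChanged(uint256 oldFee, uint256 newFee);

    error NotOwner();
    error OwnerHasNoCode();
    error NothingQueued();
    error TooEarly(uint256 eta);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// @param owner_ Address of an already deployed multisig wallet.
    constructor(address owner_) {
        // Rejects plain EOAs; this does not prove the contract is a multisig.
        if (owner_.code.length == 0) revert OwnerHasNoCode();
        owner = owner_;
    }

    /// @notice Queue a fee change; it becomes executable after DELAY.
    function queueFee(uint256 newFee) external onlyOwner {
        pendingFee = newFee;
        pendingEta = block.timestamp + DELAY;
        emit FeeChangeQueued(newFee, pendingEta);
    }

    /// @notice Apply the queued fee once the delay has elapsed.
    function executeFee() external onlyOwner {
        if (pendingEta == 0) revert NothingQueued();
        if (block.timestamp < pendingEta) revert TooEarly(pendingEta);
        emit FeeChanged(fee, pendingFee);
        fee = pendingFee;
        delete pendingEta;
    }
}
```

The `FeeChangeQueued` event gives users and monitoring the full delay window to react to a change they did not expect, which is what a timelock adds on top of the multisig.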


© 2026 Zealynx