The Proxy contract is governed by one or more Governors of which the initial one is the deployer of the contract.
A governor has the sole authority to perform the following operations:
Nominate additional governors (
Remove other governors (
Add new implementations (proxied contracts)
Remove (new or old) implementations
Update implementations after a timelock allows it
Adding governors is performed in a two step procedure:
First, an existing governor nominates a new governor (
Then, the new governor must accept governance to become a governor (
This two step procedure ensures that a governor public key cannot be nominated unless there is an entity that has the corresponding private key. This is intended to prevent errors in the addition process.
The governor private key should typically be held in a secure cold wallet or managed via a multi-sig contract.