• rescueERC20 - This could set off some flags. The owner of the power switch also has the ability to extract every token in the pool. I would expect the owner of the vault would be the one to rescue tokens. For geyser v1, there's an admin rescue function, but it's restricted to not be able to rescue reward tokens.

The idea is that the only way to rescue tokens is to first shutdown the geyser completely and would only happen in the event of a hack. The reason for using the power controller for access control is that it is a higher tier of permissions than the geyser admin / proxy owner.

Permission tiers:

• Power controller: Can power off / shutdown the geyser and withdraw rewards if shutdown
• Proxy owner: Can change arbitrary logic / state by upgrading the geyser contract but is unable to operate on user funds due to UniversalVault and unable to operate on reward pool funds when reward pool is frozen / shutdown by power controller
• Geyser admin: Can add funds to the geyser, register bonus tokens, and whitelist new vault factories, is a subset of proxy owner permissions
• User: Can deposit / withdraw / ragequit

Let me know if this helps / where it should be documented

Originally posted by @thegostep in #131 (comment)