Description
I've found a dozen or so active projects on mainnet using multi-sigs or voting that missed the note about revoking the admin permissions from the deployer of TimelockController.
The timelock is often deployed unmodified, and often a developer's only interaction with the timelock is a line or two in a deploy file. This means that the only thing they see is the constructor and its method names. Seeing these names, it's logical to conclude that the timelock only has two permissions - and to not know that super admin permissions are granted in the constructor to the deployer key.
I think a way of clearing up this confusion is to have the super admin powers, outside the timelock controlling itself, be explicitly granted as a list in the constructor, just like the other permissions.
(Tweets: https://twitter.com/danielvf/status/1572963306725318657)
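The practical follow-up for anyone running an already-deployed timelock is to check whether the deployer key still holds the admin role. The check below is an added example (not code from this issue or from OpenZeppelin Contracts): it replays `RoleGranted`/`RoleRevoked` events, as emitted by AccessControl, to reconstruct who currently holds `TIMELOCK_ADMIN_ROLE`, and flags the deployer if it was never revoked. The addresses, block numbers and the event list are constructed; on-chain the role identifiers are `bytes32` keccak256 hashes rather than the readable labels used here, and the events would come from a node's log query rather than an inline list, but the audit logic is the same.

```python
from collections import defaultdict
from dataclasses import dataclass

# On-chain these are bytes32 keccak256(role name) values; readable labels are used
# here so the example runs offline. The replay logic does not depend on the form.
TIMELOCK_ADMIN_ROLE = "TIMELOCK_ADMIN_ROLE"
PROPOSER_ROLE = "PROPOSER_ROLE"
EXECUTOR_ROLE = "EXECUTOR_ROLE"

# Constructed addresses for the example.
DEPLOYER = "0x1111111111111111111111111111111111111111"
TIMELOCK = "0x2222222222222222222222222222222222222222"
MULTISIG = "0x3333333333333333333333333333333333333333"


@dataclass(frozen=True)
class RoleEvent:
    kind: str        # "RoleGranted" or "RoleRevoked" (AccessControl event names)
    role: str
    account: str
    block: int
    log_index: int   # position within the block, needed to order same-block events


def current_role_holders(events):
    """Replay role events in chain order; return {role: set(lowercased accounts)}."""
    holders = defaultdict(set)
    for ev in sorted(events, key=lambda e: (e.block, e.log_index)):
        if ev.kind == "RoleGranted":
            holders[ev.role].add(ev.account.lower())
        elif ev.kind == "RoleRevoked":   # renounceRole also emits RoleRevoked
            holders[ev.role].discard(ev.account.lower())
        else:
            raise ValueError(f"unknown event kind: {ev.kind}")
    return holders


def audit_timelock_admins(events, timelock_address, deployer_address):
    """Return findings. The only expected TIMELOCK_ADMIN_ROLE holder is the timelock
    itself; any other holder can change proposers/executors with no delay."""
    admins = current_role_holders(events).get(TIMELOCK_ADMIN_ROLE, set())
    timelock, deployer = timelock_address.lower(), deployer_address.lower()
    findings = []
    if deployer in admins:
        findings.append(f"deployer {deployer_address} still holds TIMELOCK_ADMIN_ROLE")
    for acct in sorted(admins - {timelock, deployer}):
        findings.append(f"unexpected TIMELOCK_ADMIN_ROLE holder {acct}")
    if timelock not in admins:
        findings.append("timelock does not administer itself; roles can no longer be changed via proposals")
    return findings


def constructor_events(timelock, deployer, proposers, executors, block=100):
    """Constructed events mirroring what the constructor grants: admin to the
    timelock itself and to the deployer, then the proposer and executor lists."""
    events = [
        RoleEvent("RoleGranted", TIMELOCK_ADMIN_ROLE, timelock, block, 0),
        RoleEvent("RoleGranted", TIMELOCK_ADMIN_ROLE, deployer, block, 1),
    ]
    idx = 2
    for acct in proposers:
        events.append(RoleEvent("RoleGranted", PROPOSER_ROLE, acct, block, idx))
        idx += 1
    for acct in executors:
        events.append(RoleEvent("RoleGranted", EXECUTOR_ROLE, acct, block, idx))
        idx += 1
    return events


def demo_unrevoked():
    """Deployment left as-is: the deployer key is still a super admin."""
    events = constructor_events(TIMELOCK, DEPLOYER, [MULTISIG], [MULTISIG])
    return audit_timelock_admins(events, TIMELOCK, DEPLOYER)


def demo_revoked():
    """Deployer renounced the admin role one block later: no findings."""
    events = constructor_events(TIMELOCK, DEPLOYER, [MULTISIG], [MULTISIG])
    events.append(RoleEvent("RoleRevoked", TIMELOCK_ADMIN_ROLE, DEPLOYER, 101, 0))
    return audit_timelock_admins(events, TIMELOCK, DEPLOYER)


if __name__ == "__main__":
    print("unrevoked:", demo_unrevoked())
    print("revoked:  ", demo_revoked())
```

Feeding the real event log into `audit_timelock_admins` gives a yes/no answer that does not depend on reading the deploy script, which is the point: the constructor's grant to `msg.sender` never appears in the deployer's own code, so the events are where it becomes visible.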