Our Solend Program, "
So1endDq2YkqhipRh3WViPa8hdiSpxWy6z3Z6tMCpAo", is owned by the BPF Upgradeable Loader program which lets the Upgrade Authority "
GDmSxpPzLkfxxr6dHLNRnCoYVGzvgc41tozkrr4pHTjB" upload a new program to make changes/improvements. We hold the keypair of the Upgrade Authority, so we utilize that to push upgrades to mainnet.
For now, there isn't a timelock program, but transitioning to governance in the future will cause upgrades to go through a governance vote as well.
However, minor changes to mainnet program are reviewed internally across multiple members of the team, or by external engineers from the Solana team. We will likely conduct another audit if we perform major changes to the codebase.
Our code is not "Anchor verified" yet, but we will look into doing so soon.
This lending market owner contains all the reserves for our main/isolated pools. When updating the configs such as reserve limit or parameters, we pass a tx through the lending market owner such as this one to update the configs. This can only change the configs and can't move funds from the user.
An example of configs we can change is setting deposit/borrow limit to 0. We do this when deprecating or delisting certain assets. However, we can't set withdrawal to 0 and lock up user funds.