Centralized risk
We observe that the project is intentionally centralized by design. Trillion retains the authority to perform functions such as minting, pausing, blacklisting, and upgrading, and users should be mindful of this fact. You can refer to the list of roles in Trillion's Token Design documentation to understand their respective capabilities.
Trillion maintains control over the addresses associated with all roles, as they clarify:
Trillion's wallet governance policy follows the principle of least privilege and the roles Minter, Pauser, Blacklister, and Rescuer on the FiatTokenV1 smart contract are each associated with a unique individual FireBlocks wallet, which only Trillion has control over. Each of these wallets implements MPC signing, which ensures that there is no single point of compromise for the private key used to sign these functions.
Trillion has strict wallet governance policies internally that allow us to ensure that even in the event of a compromise of any of the FireBlocks wallets, Trillion is able to revoke access to any compromised wallet.