Update language for Governance to include Centralization risk
CloudEllie authored May 2, 2024
1 parent e9e88ec commit b9ffd0f
Showing 5 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions awarding/incentive-model-and-awards/README.md
Expand Up @@ -122,9 +122,9 @@ For Validator-improved submissions: if the judge believes the validator added a

## QA and Gas Optimization Reports

In order to incentivize wardens to focus efforts on high and medium severity findings while also ensuring quality coverage, the pool’s allocation is capped for low severity, governance, and gas optimization findings.
In order to incentivize wardens to focus efforts on high and medium severity findings while also ensuring quality coverage, the pool’s allocation is capped for low severity, governance/centralization risk, and gas optimization findings.

Low severity and governance findings are submitted as a **single** QA report. Similarly, gas optimizations are submitted as a single gas report. For more on reports, see [Judging criteria](/awarding/judging-criteria/README.md).
Low severity and governance/centralization risk findings are submitted as a **single** QA report. Similarly, gas optimizations are submitted as a single gas report. For more on reports, see [Judging criteria](/awarding/judging-criteria/README.md).

QA and gas optimization reports are awarded on a curve based on the judge’s score.

6 changes: 3 additions & 3 deletions awarding/judging-criteria/README.md
Expand Up @@ -69,14 +69,14 @@ The scoring system has three primary goals:
* Hardening C4 code audits to Sybil attacks
* Encouraging coordination by incentivizing Wardens to form teams.

### QA reports (low risk and governance)
### QA reports (Low risk and Governance/Centralization risk)

Low risk and Governance findings must be submitted as a _single_ QA report per warden. We allocate a **fixed 4% of prize pools toward QA reports.**
Low risk and Governance/Centralization risk findings must be submitted as a _single_ QA report per warden. We allocate a **fixed 4% of prize pools toward QA reports.**

QA reports should include:

* all low severity findings; and
* all Governance findings.
* all Governance/Centralization risk findings.

Each QA report should be assessed based on report quality and thoroughness as compared with other reports, with awards distributed on a curve.
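Review bot: the heading on the changed line mixes capitalization, "(Low risk and Governance/Centralization risk)", where the line it replaces used lowercase "(low risk and governance)"; either keep the heading lowercase as before or capitalize consistently with the body sentence "Low risk and Governance/Centralization risk findings" so the section heading and the first sentence match.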

2 changes: 1 addition & 1 deletion awarding/judging-criteria/severity-categorization.md
Expand Up @@ -2,7 +2,7 @@

Where **assets** refer to funds, NFTs, data, authorization, and any information intended to be private or confidential:

* **QA (Quality Assurance)** Includes **Low risk** (e.g. assets are not at risk: state handling, function incorrect as to spec, issues with comments) and **Governance** (centralization risks, admin privileges). Excludes Gas optimizations, which are submitted and judged separately. Non-critical issues (code style, clarity, syntax, versioning, off-chain monitoring (events, etc) are discouraged.
* **QA (Quality Assurance)** Includes **Low risk** (e.g. assets are not at risk: state handling, function incorrect as to spec, issues with comments) and **Governance/Centralization risk** (including admin privileges). Excludes Gas optimizations, which are submitted and judged separately. Non-critical issues (code style, clarity, syntax, versioning, off-chain monitoring (events, etc) are discouraged.
* **2 — Med:** Assets not at direct risk, but the function of the protocol or its availability could be impacted, or leak value with a hypothetical attack path with stated assumptions, but external requirements.
* **3 — High:** Assets can be stolen/lost/compromised directly (or indirectly if there is a valid attack path that does not have hand-wavy hypotheticals).
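Review bot: the edited QA bullet carries a pre-existing unbalanced parenthesis in its last sentence, "Non-critical issues (code style, clarity, syntax, versioning, off-chain monitoring (events, etc) are discouraged.", which opens two parentheses and closes one; since this line is already being rewritten, close it, e.g. "off-chain monitoring (events, etc.)) are discouraged." Dropping the old "(centralization risks, admin privileges)" in favor of "(including admin privileges)" is fine now that the category name itself says Centralization risk.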

2 changes: 1 addition & 1 deletion roles/wardens/README.md
Expand Up @@ -44,7 +44,7 @@ When a sponsor designates a team member who is available for questions, that per

* Turn in your reports before the audit end time.
* For each audit, submit your Medium and High risk findings individually.
* Bundle all of your low-risk and governance findings into a single QA report.
* Bundle all of your low-risk and governance / centralization risk findings into a single QA report.
* Similarly, list *all* of your gas optimizations together in a single Gas report.
* Be sure to [register your handle and Polygon address](https://code4rena.com/register/account) to receive your share.
* Publicly disclosing (e.g. publishing or discussing) any discovered bugs or vulnerabilities before the audit report has been published is grounds for disqualification from all C4 events.
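Review bot: the new term is spelled three different ways across this one commit: "governance / centralization risk" here and in submission-guidelines.md (spaces around the slash), "governance/centralization risk" in awarding/incentive-model-and-awards/README.md, and "Governance/Centralization risk" in judging-criteria/README.md and severity-categorization.md; pick one form for all five files, since wardens and judges will search the docs for the exact phrase.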
4 changes: 2 additions & 2 deletions roles/wardens/submission-guidelines.md
Expand Up @@ -23,7 +23,7 @@ It is also recommended to ensure you receive email confirmation of each submissi
- **High, Medium, and QA reports:**
- Wardens should [review Code4rena's severity categorization](https://docs.code4rena.com/awarding/judging-criteria/severity-categorization) prior to submitting vulnerabilities, and select the appropriate risk when submitting.
- Medium or High severity findings should be submitted individually.
- All QA findings (Low risk or Governance) must be submitted as a single QA report per warden (or team).
- All QA findings (Low risk or Governance / Centralization risk) must be submitted as a single QA report per warden (or team).
- Centralization risks, and systemic risks should be submitted as part of the QA report.
- **Gas optimizations:** For audits that include a Gas optimization pool, all identified gas optimizations should be submitted within a single Gas report per warden (or team). Note: the gas award pool is set according to the sponsor's preference.
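Review bot: with "Centralization risk" now named on the changed QA findings line, the unchanged line right after it, "Centralization risks, and systemic risks should be submitted as part of the QA report.", restates half of it; consider trimming that line to cover systemic risks only (and drop the stray comma before "and"), or fold "systemic risks" into the preceding parenthetical so the category is listed once.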

Expand All @@ -36,7 +36,7 @@ Low and non-critical findings must be submitted as a single QA report per warden
Your QA report should include:

- all low severity findings
- all Governance findings (centralization risks and admin privileged functions)
- all Governance / Centralization risk findings (including centralization risks and admin privileged functions)
- Non-critical findings are discouraged.

Formatting:
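Review bot: the changed bullet, "all Governance / Centralization risk findings (including centralization risks and admin privileged functions)", repeats the category name inside its own parenthetical; "(including admin privileged functions)" would match the wording chosen for severity-categorization.md in this commit. Separately, the hunk's header context line "Low and non-critical findings must be submitted as a single QA report per warden" contradicts the unchanged bullet "Non-critical findings are discouraged." a few lines below; this section is being touched anyway, so aligning the intro sentence with the bullet list is worth doing here.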
