The one exception to note here is the "native.test" vault which is a tool that is used for testing UI and not used within the system. This is managed by an EOA to faciliate testing of various parameter changes.
How to verify upgradability rights on ProxyAdmin
getProxyAdmin(address) for each upgradeable contract in the system should return the address of the ProxyAdmin. This means that contract is under management of the given ProxyAdmin.
If this proxyAdmin is not the control of that contract, this call will revert.
owner() of the proxyAdmin should resolve to the Badger governance multisig.
Governance access control
The operational multisig has governance rights over each contract in the Sett system (vaults, strategies, controller). This can be verified by the governance() view function on each respective contract. See deploy file for list. The governance and upgradability rights can also be checked programmatically via the BSC governance verification script.
bBadger and bDigg tokens
The bridged tokens are not upgradeable and access rights are minting / burning permissions are managed by Multichain.
All contracts within the Badger system are verified on etherscan.