defirisk.co
rubric v1.7.0

Upgrade multisig signer configuration (M/N)

A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor counts the number of distinct addresses that hold any admin role across the protocol's deployed contract system — including owner, ProxyAdmin, upgrader, pauser, minter, fee collector, oracle setter, and any other role with elevated permissions. The count is produced by an on-chain sweep of AccessControl role members and owner slots across all contracts associated with the protocol.

**Why it matters** The count of distinct admin addresses sets the floor for understanding the protocol's attack surface. A protocol with a single admin address is maximally centralized; one with twenty role-separated addresses across multiple independent parties has a dramatically larger attacker burden. The evidence base shows that protocols with very small admin address counts — particularly those where count equals one — are over-represented in the off-chain key compromise cluster. The count alone is not graded as critical (role separation and threshold are assessed separately), but it is a required display field that contextualizes every other governance signal.

**Green / Yellow / Red** Green is assigned when three or more distinct addresses hold clearly-separated roles (upgrader, pauser, oracle setter, and fee collector are held by different addresses or multisigs). Yellow covers cases where two to three addresses hold the full role set, or where the count is high but roles overlap significantly. Red is assigned when a single address holds all elevated roles, regardless of whether that address is an EOA or a multisig — single-address role concentration is the underlying condition for RD-F-027.

**Common gray cases** This factor is grayed when on-chain AccessControl events are absent and source inspection is required but unavailable within the assessment window, or when a protocol uses factory-deployed contracts where role inheritance is unclear.

**Notable historical examples** No cross-referenced hack incidents are currently linked in the database for this factor.

Measurement: what to look for

Read `threshold` and `getOwners()` on the multisig controlling upgrade / sensitive ops. Store as `required` (M) and `total` (N); render as "M/N". For EOA admins record `required=1, total=1` (display "1/1"). Null when admin is immutable or full DAO with no fixed signer set.

Data & output

**Data source** Safe Transaction Service API `{safe_address}/` endpoint (`threshold` + `owners` array); on-chain `getThreshold()` / `getOwners()` RPC fallback via Etherscan contract read; for non-EVM chains, equivalent multisig program account data

**Output format** Green / Yellow / Red

**Evidence artifact** multisig address + Safe API response or on-chain call result + `checked_at`; output schema `{"required": M, "total": N, "display": "M/N"}`

**Confidence signal** green = threshold ≥ peer norm for TVL band; yellow = below peer norm; red = 1/1 (EOA) or abnormally low (cross-reference RD-F-028); gray = multisig not identifiable or non-standard admin pattern
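The measurement and output schema above, sketched as an added example (not defirisk.co's own code). The `admin_kind` labels, the `peer_norm_required` parameter and the sample response are assumptions made for illustration; only the `threshold` and `owners` fields come from the page.

```python
import json

# Constructed sample shaped like the Safe Transaction Service response the page
# names; only `threshold` and `owners` are read. Addresses are placeholders.
SAMPLE_SAFE_RESPONSE = json.dumps({
    "address": "0x" + "aa" * 20,
    "threshold": 3,
    "owners": ["0x" + f"{i:02x}" * 20 for i in range(1, 6)],
})


def signer_config(admin_kind, safe_json=None):
    """Build the {"required", "total", "display"} record, or None (null).

    admin_kind is a hypothetical label: "multisig", "eoa", "immutable" or "dao".
    """
    if admin_kind in ("immutable", "dao"):
        return None  # no fixed signer set, so the field is null
    if admin_kind == "eoa":
        required, total = 1, 1
    elif admin_kind == "multisig":
        data = json.loads(safe_json)
        # Compare case-insensitively: sources may differ in address casing.
        owners = {o.lower() for o in data["owners"]}
        required, total = int(data["threshold"]), len(owners)
        if not 1 <= required <= total:
            raise ValueError(f"implausible threshold {required} of {total}")
    else:
        raise ValueError(f"unknown admin kind: {admin_kind}")
    return {"required": required, "total": total, "display": f"{required}/{total}"}


def grade(record, peer_norm_required):
    """Apply the 1/1 and peer-norm rules; peer_norm_required is an assumed input.

    "Abnormally low" is not defined on the page, so only 1/1 maps to red here.
    """
    if record is None:
        return None  # nothing to grade
    if record["required"] == 1 and record["total"] == 1:
        return "red"
    return "green" if record["required"] >= peer_norm_required else "yellow"
```

A threshold larger than the owner count is rejected rather than rendered, since an "M/N" with M > N would indicate a bad read, not a real signer configuration.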

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-026 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | yellow |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | yellow |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | yellow |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | gray |
| Circle USYC | binance | red |
| Compound V3 (Comet) | ethereum | yellow |
| Concrete | ethereum | yellow |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | red |
| Curve Finance | ethereum | green |
| deBridge | ethereum | yellow |
| Dolomite | ethereum | yellow |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | yellow |
| Ethena | ethereum | yellow |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | yellow |
| Fluid | ethereum | gray |
| Frax Finance | ethereum | green |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | yellow |
| Jupiter | solana | yellow |
| Jupiter Perpetual Exchange | solana | yellow |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | gray |
| Kinetiq | hyperliquid | yellow |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | yellow |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | yellow |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | yellow |
| Meteora | solana | gray |
| mETH Protocol | ethereum | green |
| Midas | ethereum | red |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | red |
| Ondo Finance | ethereum | yellow |
| OpenEden | ethereum | yellow |
| Orca | solana | green |
| PancakeSwap | bsc | gray |
| Pendle Finance | ethereum | yellow |
| Polymarket | polygon | yellow |
| QuickSwap | polygon | yellow |
| Raydium | solana | green |
| Rocket Pool | ethereum | green |
| Sanctum | solana | yellow |
| Save (formerly Solend) | solana | red |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | green |
| Spiko | stellar | yellow |
| Stake DAO | ethereum | yellow |
| StakeWise v3 | ethereum | yellow |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | yellow |
| SUNSwap (sun.io) | tron | gray |
| Superstate | ethereum | red |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | yellow |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | gray |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | yellow |
| Veda (BoringVault) | ethereum | yellow |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.

rubric_version: v1.7.0 | factor: RD-F-026 | category: 2 | carried: 80 | critical: no