defirisk.co
rubric v1.7.0

Admin wallet interacts with flagged addresses

A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology how we score #

**What this measures** This factor checks whether the protocol's admin address has sent or received transactions involving addresses on a curator-maintained watchlist — including known dust-attack targets, mixer deposit addresses, sanctioned clusters, and addresses linked to prior exploits or exit scams. The check is performed via on-chain transaction history analysis and cross-referenced against the watchlist.

**Why it matters** Admin address interactions with flagged addresses are a soft signal of potential insider risk or compromised key custodian relationships. A protocol whose admin wallet has received funds from a mixer, sent funds to a OFAC-sanctioned address, or interacted with a known exit-scam contract presents an elevated risk of insider-motivated drain. This factor is not individually sufficient to alter a grade, but it contributes to the overall governance risk picture and can corroborate other signals in the dev identity category (Cat 7).

**Green / Yellow / Red** Green is assigned when the admin address has no interactions with flagged addresses in the watchlist. Yellow covers cases where interactions are present but explainable (e.g., dust-attack receipt with no active response) or where the watchlist confidence is low. Red is assigned when the admin address has sent funds to or actively interacted with mixer addresses, sanctioned clusters, or known exit-scam deployers.

**Common gray cases** This factor is grayed when the admin address cannot be identified from on-chain data, or when the watchlist coverage for the relevant chain is sparse.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement what to look for #

Determine whether the admin/upgrader address has sent or received transactions with addresses on the curator watchlist (mixer deposits, dust-attack targets, OFAC-listed).

Data & output #

Data source
Chainalysis/TRM API cluster feed + Etherscan tx history of admin address
Output format
Green / Yellow / Red
Evidence artifact
Admin address + cluster-feed hit list + most recent flagged interaction tx hash
Confidence signal
green = no flagged interactions; yellow = distant interaction (3+ hops) with flagged cluster; red = direct send/receive with OFAC-listed or known-rug address; gray = cluster feed unavailable

Scored protocols 80 carry this factor #

Protocol RD-F-044
Aave v3 ethereum gray Across Protocol ethereum gray Aerodrome Finance base gray Axelar Network ethereum gray Babylon Protocol bitcoin gray Balancer (v2 + v3) ethereum green Beefy Finance ethereum gray BENQI avalanche gray BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum gray Cap (cUSD / stcUSD) ethereum gray Centrifuge ethereum green Chainlink CCIP ethereum gray Circle USYC binance gray Compound V3 (Comet) ethereum green Concrete ethereum gray Convex Finance ethereum gray crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum gray deBridge ethereum gray Dolomite ethereum gray dYdX v4 (dYdX Chain) dydx gray EigenLayer ethereum gray Ethena ethereum green ether.fi ethereum gray Euler V2 ethereum green Falcon Finance ethereum green Fluid ethereum not_assessed Frax Finance ethereum gray GMX v2 (GMX Synthetics) arbitrum gray Hyperlane ethereum gray Hyperliquid arbitrum gray Jito solana gray Jupiter solana gray Jupiter Perpetual Exchange solana not_assessed JustLend DAO tron gray Kamino Lend solana gray Kinetiq hyperliquid gray Lido ethereum gray Liquid Collective (LsETH) ethereum green Liquity V1 + V2 (LUSD / BOLD) ethereum not_applicable Lista DAO bsc green Lombard Finance ethereum green M^0 ethereum gray Maple Finance ethereum gray Marinade Finance solana green Meteora solana gray mETH Protocol ethereum gray Midas ethereum gray Morpho V1 (Morpho Blue + MetaMorpho) ethereum green Multipli ethereum green Ondo Finance ethereum gray OpenEden ethereum gray Orca solana gray PancakeSwap bsc gray Pendle Finance ethereum not_assessed Polymarket polygon green QuickSwap polygon green Raydium solana not_assessed Rocket Pool ethereum green Sanctum solana gray Save (formerly Solend) solana gray Sky Lending (formerly MakerDAO) ethereum gray Spark Protocol ethereum green Spiko stellar gray Stake DAO ethereum gray StakeWise v3 ethereum gray Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid gray SUNSwap (sun.io) tron gray Superstate ethereum green Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum gray Symbiotic ethereum green Synapse Protocol ethereum yellow Uniswap (v2 + v3) ethereum green USDD (Decentralized USD) tron gray Usual (USD0 / bUSD0 / USUAL) ethereum gray Veda (BoringVault) ethereum gray Venus Protocol bsc gray Wormhole ethereum gray Yearn Finance ethereum gray
0 red · 1 yellow · 20 green

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-044 category 2 carried 80 critical no