Guardian/pause-keeper distinct from upgrader

Axelar Network's assessment for RD-F-034 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No explicit pause/guardian role on EVM gateway. mintLimiter (Custom Multisig 3-of-6) can set per-token rate caps — emergency defense, separate from upgrade path (good). ITS: single EOA holds both upgrade and setPauseStatus() — upgrader = pauser on the ITS surface (bad; collapse of separation). Partial separation on gateway; none on ITS.

Sources #

Docs
Axelar Security Model — DocsAxelar security: rate limiting via mintLimiter; no explicit pause function on gatewayretrieved 2026-05-17
GitHub
InterchainTokenService.sol — GitHubInterchainTokenService.sol: setPauseStatus(bool) uses onlyOperatorOrOwner — accessible to EOA owner 0x6f24...retrieved 2026-05-17

Methodology #

Determine whether a pauser/guardian role exists and is held by an address distinct from the upgrader address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol axelar factor RD-F-034 score yellow collected_at 2026-05-16 21:57:49