★ Sudden admin-rescue/ACL change without discussion
Beefy Finance's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Historical evidence: The 2021 Bunny vault coding error recovery involved an emergency admin action (strategy upgrade via dev multisig) executed without a documented prior GitHub issue, PR, or formal governance discussion. The Medium post-mortem ('funds recovery successful closure') describes a reactive '5 page recovery plan' deployed under time pressure with no mention of preceding community governance discussion. This is the canonical admin-rescue-without-discussion pattern that RD-F-123 targets. HOWEVER, mitigating factors: (1) The 3-of-6 dev multisig requires 3 independent signers for any admin action — not a single-EOA unilateral change; (2) Current 2023-2026 commit history shows no ownership-transfer or ACL-change commits without PR context; (3) GitHub issues search for 'admin OR ACL OR ownership OR rescue' in beefy-contracts returns 0 matches; (4) The 180-day window (Nov 2025 – May 2026) shows no unannounced admin rescue in commit history; (5) The team publicly disclosed the 2021
Sources #
- DocsContracts & Timelocks | Beefydocs.beefy.finance/safety/contracts-and-timelocks — 3-of-6 dev multisig controls all privileged functionsretrieved 2026-05-16
- beefy-contracts issues — admin/ACL searchgithub.com/beefyfinance/beefy-contracts/issues?q=admin+OR+ACL+OR+ownership+OR+rescue — 0 relevant issues returnedretrieved 2026-05-16
- Funds Recovery Successful Closure | Beefy Finance Mediummedium.com/beefyfinance/funds-recovery-successful-closure — 2021 Bunny vault admin rescue post-mortem; no preceding governance discussion mentionedretrieved 2026-05-16
Methodology #
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.
See the full factor methodology and distribution across all protocols →