defirisk.co
rubric v1.7.0

Timelock duration on upgrades

BlackRock USD Institutional Digital Liquidity Fund (BUIDL)'s assessment for RD-F-032 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[PD-042 rescore 2026-05-12, v1.7.0+] Timelock on admin actions is incompatible with the regulatory response model: the issuer must be able to act immediately on court-ordered freeze, sanctions compliance, or fund-rules changes. Scored not_applicable per PD-042 (Cat 2 RWA-issuer subset). Residual operational risk of key compromise is captured by multisig-coverage factors (yellow rather than N/A). ORIGINAL EVIDENCE (preserved from v1.6.0 grading): No timelock. setTarget() callable directly by owner with no delay. Proxy source: function setTarget(address _target) external { require(msg.sender == _owner); emit ProxyTargetSet(_target); } — no TimelockController, no delay parameter.

Sources #

  • Etherscan
    https://etherscan.io/address/0x7712c34205737192402172409a8f7ccef8aa2aec#coderetrieved 2026-04-26

Methodology #

Read the timelock delay (in hours) between a queued upgrade proposal and its executable state.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol blackrock-buidl factor RD-F-032 score not_applicable collected_at 2026-05-12 09:40:42