defirisk.co
rubric v1.7.0

Timelock on sensitive actions

BlackRock USD Institutional Digital Liquidity Fund (BUIDL)'s assessment for RD-F-033 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[PD-042 rescore 2026-05-12, v1.7.0+] Timelock on admin actions is incompatible with the regulatory response model: the issuer must be able to act immediately on court-ordered freeze, sanctions compliance, or fund-rules changes. Scored not_applicable per PD-042 (Cat 2 RWA-issuer subset). Residual operational risk of key compromise is captured by multisig-coverage factors (yellow rather than N/A). ORIGINAL EVIDENCE (preserved from v1.6.0 grading): No timelock on any sensitive action (mint/pause/rescue/upgrade). All actions immediate via role-based access. DSToken ABI: issueTokens(), pause(), seize(), setTarget() — none route through TimelockController. No timelock contract found on Etherscan for BUIDL.

Sources #

  • GitHub
    https://github.com/securitize-io/dstokenretrieved 2026-04-26
  • Etherscan
    https://etherscan.io/address/0x7712c34205737192402172409a8f7ccef8aa2aecretrieved 2026-04-26

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol blackrock-buidl factor RD-F-033 score not_applicable collected_at 2026-05-12 09:40:42