Timelock on sensitive actions

Centrifuge's assessment for RD-F-033 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

scheduleRely/executeScheduledRely covers all ward/role grants. Pause is callable by Guardian (no additional timelock on pause — appropriate for emergency use). recoverTokens() is in Root; existing wards can call it. No evidence of a separate untimelocked rescue path outside Root's ward-system flow. Cannot fully confirm recoverTokens call path without BSL-licensed source static analysis.

Sources #

URL
https://docs.centrifuge.io/developer/protocol/security/retrieved 2026-04-27
Etherscan
https://etherscan.io/address/0x0C1fDfd6a1331a875EA013F3897fc8a76ada5DfCretrieved 2026-04-27

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol centrifuge factor RD-F-033 score yellow collected_at 2026-04-30 21:19:10