★ Flash-loanable voting weight

Chainlink CCIP's assessment for RD-F-036 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No DAO governor, no on-chain token-holder voting. CCIP governance is a corporate multisig + RBACTimelock model. LINK token holders have zero governance rights over CCIP configuration. Flash-loan governance attack vector does not exist by construction.

Sources #

Docs
Onchain Architecture - Upgradability (EVM) | Chainlink DocumentationCCIP governance model — corporate multisig; no LINK-holder voting; no Snapshot space, no Tally governorretrieved 2026-05-16

Methodology #

Determine whether governance voting power is a function of current token balance of a transferable token with no lock or checkpoint, making it flash-loan susceptible.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-036 score not_applicable collected_at 2026-05-16 01:55:09