Guardian/pause-keeper distinct from upgrader

Circle USYC's assessment for RD-F-034 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

RolesAuthority pause() is callable by owner, which is the same address chain as upgrade authority. No distinct guardian multisig. Role separation between pauser and upgrader not implemented.

Sources #

Etherscan
RolesAuthority impl source - pause/upgrade same authorityRolesAuthority impl 0xb59B1568: pause() requires onlyOwner; same owner as upgrade authorityretrieved 2026-05-16

Methodology #

Determine whether a pauser/guardian role exists and is held by an address distinct from the upgrader address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-034 score red collected_at 2026-05-15 21:56:43