Role separation: upgrade ≠ fee ≠ oracle

Circle USYC's assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No clear role separation between upgrade, fee collection, and oracle configuration. Teller source shows setOracle(), setFeeRecipient(), setFees() all routed through same authority. An operational address 0xDbE01f44 executes setUserRole calls suggesting some operational delegation, but the upgrade authority remains with the EOA chain.

Sources #

Etherscan
RolesAuthority events - operational delegationRolesAuthorityProxy 0x902D906b - Set User Role calls from 0xDbE01f44 (operational address)retrieved 2026-05-16
Etherscan
Teller implementation source - role separationTeller implementation 0xF8724D6b: setOracle, setFeeRecipient, setFees all require same authorityretrieved 2026-05-16

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-035 score yellow collected_at 2026-05-15 21:56:43