Security-Council threshold reduction (RT)

Evidence summary #

Community MultiSig (0xbbf3f1421D886E9b2c5D716B5192aC998af2012c) threshold stable at 5-of-9 per data cache Safe API (2026-04-27T03:38:24Z). No ChangedThreshold, AddedOwner, or RemovedOwner event detected in last 14 days.

Detail #

RD-F-182 (batch-24): real-time signal for Security-Council threshold reduction or co-occurring governance-weakening events within 14-day window. For Compound V3, the Community MultiSig at 0xbbf3f1421D886E9b2c5D716B5192aC998af2012c serves as both Pause Guardian and Proposal Guardian — the functional equivalent of a Security Council for this protocol. Data cache Safe Transaction Service API (2026-04-27T03:38:24Z): threshold=5, owner_count=9. No threshold reduction event detected. MultiSig renewed Oct 2025 at stable threshold. The 2024 Proposal 289 governance attack (Golden Boys) was a governance proposal attack, not a multisig threshold reduction — distinct from F182 class. For F182 production monitoring: ChangedThreshold, AddedOwner, and RemovedOwner events on this Safe contract must be subscribed. The Drift Protocol precedent (3/5 SC → 2/5 threshold reduction 6 days before $285M DPRK exploit) makes this the most critical new signal from batch-24 for governance-heavy protocols.

Sources #

Methodology #

Detect in real-time whether the bridge/protocol Security Council multisig executes a threshold reduction (e.g. 3/5 → 2/5), timelock removal, or new-signer addition within ≤14 days of either of those events.

See the full factor methodology and distribution across all protocols →