Role separation: upgrade ≠ fee ≠ oracle

Concrete's assessment for RD-F-035 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Factory-level roles not fully separated: the 3-of-5 Safe (factory owner) controls both upgrade authority AND high-level fee configuration. Per-vault roles (VAULT_MANAGER, ALLOCATOR, STRATEGY_MANAGER) are distinct from factory owner at the vault level but role holders not confirmed. Partial separation: vault-level roles exist but factory owner retains combined upgrade+fee power.

Sources #

Docs
Concrete Architecture.md — role separation diagramArchitecture.md: role hierarchy — VaultManagerAdmin, StrategyAdmin, HookManagerAdmin, AllocatorAdmin distinct from factory owner at vault levelretrieved 2026-05-17
GitHub
ConcreteFactory.sol — combined upgrade+config power for factory ownerConcreteFactory.sol: onlyOwner gates both _authorizeUpgrade (upgrade role) and configuration functions; Architecture.md documents VAULT_MANAGER/ALLOCATOR as distinct roles at vault levelretrieved 2026-05-17

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-035 score yellow collected_at 2026-05-17 14:36:59