defirisk.co
rubric v1.7.0

Sudden admin-rescue/ACL change without discussion

dYdX v4 (dYdX Chain)'s assessment for RD-F-123 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

CRITICAL FACTOR -- GREEN. dYdX v4 has no EVM-style admin key, multisig ACL, or admin-rescue function. All protocol-parameter changes require on-chain x/gov governance proposals with mandatory deposit period, 4-day standard voting period (1-day expedited), and quorum threshold. Protocol upgrades (chain v4.0 April 2024) and bridge discontinuation (Dec 2024) were preceded by documented governance forum discussion at dydx.forum and on-chain proposals viewable via Mintscan. The Feb-2026 npm/PyPI supply-chain attack was an external credential theft against package publishing infrastructure -- it did not involve on-chain admin manipulation, no insider active-participation has been confirmed (Socket.dev: 'developer account compromise', no specific insider named), and the on-chain protocol was unaffected per dYdX's own clarification. No admin-rescue function or sudden ACL change pattern exists on this Cosmos substrate.

Sources #

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dydx-v4 factor RD-F-123 score green collected_at 2026-05-17 09:58:47