Timelock on sensitive actions

Ethena's assessment for RD-F-033 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No timelock verified on any sensitive function: mint limit changes, collateral add/remove, rescueTokens, redistributeLockedAmounts, role grants all execute immediately after multisig consensus. GATEKEEPER_ROLE can disable mint/redeem without timelock. DEFAULT_ADMIN_ROLE can change role assignments without timelock.

Sources #

GitHub
EthenaMinting.sol — 'No timelock mechanism exists in this contract. Role changes and configuration updates execute immediately.'https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/EthenaMinting.solretrieved 2026-04-28

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-033 score red collected_at 2026-04-28 13:58:51