Admin/upgrade transaction in mempool
Falcon Finance's assessment for RD-F-102 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Admin/upgrade tx in mempool | Applicable: YES (CRITICAL CONCERN) | 4-of-6 Safe with NO timelock is direct proxy admin for USDf and sUSDf. 16 past Safe txs executed with zero pre-announcement window. No admin tx currently pending as of 2026-05-12. Structural risk is maximum: any future admin tx fires with zero defender lead time. Yellow (not firing today but architecture guarantees zero-lead-time future fires).
Detail #
The 4-of-6 Safe multisig (0x1E482B60bf19Cb1cc859389e0eA3DED153f16Bd7, nonce=16) is the direct ProxyAdmin and owner for USDf (0xFa2B947eEc368f42195f24F36d2aF29f7c24CeC2) and sUSDf (0xc8CF6D7991f15525488b2A83Df53468D682Ba4B0) TransparentUpgradeableProxy contracts. No TimelockController has been identified. T-09 signal suppression clause 'tx originates from a timelock contract fed by a queued governance proposal' cannot ever apply because there is no timelock. Of the 16 prior Safe transactions (nonce 1-16), none were pre-announced. Any upgrade function call appearing in mempool from the Safe's threshold of 4 signers would have zero pre-announcement window for users. Phase-2 signal (requires live mempool listener). Signal not currently firing (no pending tx detected as of 2026-05-12). Yellow due to structural posture: architecture guarantees future fires will have zero useful lead time.
Sources #
- EtherscanAdmin Safe on Etherscanhttps://etherscan.io/address/0x1E482B60bf19Cb1cc859389e0eA3DED153f16Bd7retrieved 2026-05-12
- Safe Transaction Service — Falcon Finance Admin Safehttps://api.safe.global/tx-service/eth/api/v1/safes/0x1E482B60bf19Cb1cc859389e0eA3DED153f16Bd7/retrieved 2026-05-12
Methodology #
Detect an admin-role or upgrade transaction appearing in the mempool before confirmation.
See the full factor methodology and distribution across all protocols →