★ Rescue/emergencyWithdraw without timelock

Frax Finance's assessment for RD-F-041 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

frxUSD contracts have NO timelock on admin actions per LlamaRisk explicit statement. The Comptroller 3-of-5 Safe can call pause(), upgrade proxy, addMinter(), removeMinter() on frxUSD without any mandatory delay. Omega-routed actions have a 2-day veto window, but direct Safe executions (not routed via Omega) have no delay. Emergency/rescue-equivalent functions executable by multisig in a single transaction. Not red because (a) requires 3-of-5 multisig coordination (not a single EOA), (b) frxETH sfrxETH are immutable (largest historical TVL surface has no rescue functions), (c) Omega veto is an active community check for governance-routed actions.

Sources #

URL
frxUSD Token Review | Chaos LabsChaos Labs frxUSD review: admin multisig has full control to upgrade, change parameters, pause functionalityretrieved 2026-05-17
Etherscan
FrxUSD Implementation | EtherscanfrxUSD impl 0x0000000048d2c8 includes pause() and minter_mint() functionsretrieved 2026-05-17
URL
Pegkeeper Onboarding Review: Frax frxUSD | Llama RiskLlamaRisk: no timelocks implemented in frxUSD contracts; admin multisigs have full control to upgrade contracts, change parameters, or pause functionalityretrieved 2026-05-17

Methodology #

Determine whether a `rescue(…)` or `emergencyWithdraw(…)` function exists callable by admin without a timelock delay on execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-041 score yellow collected_at 2026-05-16 20:44:31