defirisk.co
rubric v1.7.0

Deprecated contract paused but pause reversible by live admin

Frax Finance's assessment for RD-F-167 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Legacy FXS Timelock (0x8412ebf45) has admin = EOA 0x510B35338c8e3b53F12aa109C38995Acd9127aE0 (confirmed EOA, not contract). Last active Sept 2022 (~3.5 years dormant). Holds 69 FRAX (~$68). One source states this timelock controls all configurations for all Frax Oracles on L1. If true, the stale EOA can modify Frax Oracle configs for legacy oracle contracts. The deprecated-surface admin extension pattern: a deprecated legacy timelock still potentially holding live oracle admin rights under an EOA that is dormant but not revoked.

Sources #

  • URL
    Frax Oracle Advanced Concepts | Frax FinanceWeb search result: legacy timelock controls all configurations for all Frax Oracles on L1 (secondary source)retrieved 2026-05-17
  • Etherscan
    EOA 0x510B35 | EtherscanEOA 0x510B35338c8e3b53F12aa109C38995Acd9127aE0 — confirmed EOA (not contract); 17 total txs; last tx Sept 2022retrieved 2026-05-17
  • Etherscan
    Frax Finance: Time Lock | EtherscanLegacy FXS Timelock 0x8412ebf45 admin=0x510B35338c8e3b53F12aa109C38995Acd9127aE0; last activity Sept 2022; balance 69 FRAXretrieved 2026-05-17

Methodology #

Determine whether a deprecated-and-paused contract's pause state is revertible by a currently-live admin role.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-167 score yellow collected_at 2026-05-16 20:44:31