★ Rescue/emergencyWithdraw without timelock
GMX v2 (GMX Synthetics)'s assessment for RD-F-041 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No dedicated rescue/emergencyWithdraw function was found (a GitHub search returned 0 results). Bank.sol's transferOut is a CONTROLLER-gated operational function. RoleStore.revokeRole() is immediate, with no timelock signal required, as confirmed by the README. This creates a non-timelocked path where ROLE_ADMIN can strip critical roles instantly. A full drain requires combining immediate role revocation with role reassignment and then calling Bank.transferOut; this is not a single-tx drain, but the immediate revoke capability reduces effective timelock protection.
Sources
- GitHub: Bank.sol transferOut — CONTROLLER gated. Bank.sol — transferOut(token, receiver, amount) onlyController; no rescue function. Retrieved 2026-05-05.
- RoleStore immediate revokeRole. RoleStore.sol — revokeRole() callable by ROLE_ADMIN without signal/delay. Retrieved 2026-05-05.
- README — immediate revokeRole design intent. README.md — 'timelock multisig should revoke the permissions of malicious or compromised accounts'. Retrieved 2026-05-05.
Methodology
Determine whether a `rescue(…)` or `emergencyWithdraw(…)` function exists that an admin can call without a timelock delay on execution.