Upgrade multisig signer configuration (M/N)

Hyperlane's assessment for RD-F-026 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Operations Safe: 4-of-9 (verified Safe API). Core Governance Safe: 6-of-10 (verified Safe API). ProxyAdmin v1 owner Safe (0x12C5AB61): 3-of-6 (verified Safe API — U18 resolution). 3-of-6 and 4-of-9 are both below peer norm (5-of-8+) for $132M TVL bridge protocols. 6-of-10 core governance Safe meets peer norm but may not be the operational admin for all upgrade paths.

Sources #

URL
Safe API Operations Safe verificationSafe API: threshold=4, owner_count=9 for Operations Saferetrieved 2026-05-17
URL
Safe API Core Governance verificationSafe API: threshold=6, owner_count=10 for Core Governance Saferetrieved 2026-05-17
URL
Safe API ProxyAdmin v1 owner Safe — U18 resolvedSafe API: threshold=3, owner_count=6 for ProxyAdmin v1 owner Safe 0x12C5AB61Fe17dF9c65739DBa73dF294708f78d23 (U18 resolution)retrieved 2026-05-17

Methodology #

Read `threshold` and `getOwners()` on the multisig controlling upgrade / sensitive ops. Store as `required` (M) and `total` (N); render as "M/N". For EOA admins record `required=1, total=1` (display "1/1"). Null when admin is immutable or full DAO with no fixed signer set.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-026 score yellow collected_at 2026-05-16 23:03:56