Timelock on sensitive actions

Hyperliquid's assessment for RD-F-033 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No action in Bridge2 routes through a governance timelock: (a) Proxy admin upgrade — no timelock; (b) invalidateWithdrawals() — cold-validator quorum, no time delay; (c) changeDisputePeriodSeconds() — cold-validator quorum, no timelock; (d) changeLockerThreshold() — cold-validator quorum, no timelock. 200-second dispute queue on withdrawals is operational safety, not governance timelock.

Sources #

GitHub
Bridge2.sol constructor — hot/cold validator parametersBridge2.sol sourceretrieved 2026-04-28
URL
Hyperliquid bridge contract technical analysis — cold validator powersPANews technical analysisretrieved 2026-04-28

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-033 score red collected_at 2026-04-28 13:58:49