★ Rescue/emergencyWithdraw without timelock
JustLend DAO's assessment for RD-F-041 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
`_reduceReserves(uint reduceAmount)` on CToken/JToken is gated on `reserveAdmin`, a separate privileged address, not on `admin` (the Timelock). The SlowMist sTRX audit flagged the same privilege split: 'ReserveAdmin can call claimReserves and reservePayBadDebt functions at will.' Team response: 'ReserveAdmin would be transferred to governance and timelock.' That finding and response concern the sTRX contracts, so they document the team's stated intent for reserveAdmin rather than confirming that the jToken markets' reserveAdmin is the Timelock today; on-chain confirmation of the current reserveAdmin could not be obtained through the Tronscan API endpoints available to the curator. `_reduceReserves` moves only the protocol's accrued interest reserves (capped at `totalReserves`), not user-deposited principal. No dedicated emergencyWithdraw/rescue/sweep function was found in the Comptroller or jToken source. Yellow rather than red because: (1) only reserves are reachable, not user principal; (2) the team committed, in the audit response, to transferring reserveAdmin to the Timelock; (3) no single-transaction full drain of user funds was confirmed.
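To make the privilege split above concrete, here is an added illustration (not JustLend's or Compound's code) of the Compound-style guard on `_reduceReserves`, next to a minimal queue-then-execute timelock. Installing the timelock as `reserveAdmin` is what the audit response describes: every reserve withdrawal then has to be queued on-chain and wait out `delay` before it lands. Only `_reduceReserves`, `reserveAdmin` and `admin` are names from the source; `ReserveVault`, `MinimalTimelock`, the error-code values and everything else are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not project code. Names other than _reduceReserves,
// reserveAdmin and admin are assumed for illustration.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

contract ReserveVault {
    address public admin;          // in Compound/JustLend this is the governance Timelock
    address public reserveAdmin;   // separate privilege: may withdraw accrued reserves only
    IERC20 public immutable underlying;
    uint256 public totalReserves;  // protocol's share of accrued interest; the rest is depositor money

    constructor(IERC20 _underlying) {
        admin = msg.sender;
        reserveAdmin = msg.sender;
        underlying = _underlying;
    }

    // Only admin (normally the Timelock) may re-point reserveAdmin, e.g. to a timelock.
    function _setReserveAdmin(address newReserveAdmin) external {
        require(msg.sender == admin, "UNAUTHORIZED");
        reserveAdmin = newReserveAdmin;
    }

    // Same guard shape as CToken._reduceReserves: reserveAdmin only, and no delay
    // enforced here. Error codes mimic Compound's Error enum (values assumed).
    // The cap at totalReserves is what keeps user principal out of reach.
    function _reduceReserves(uint256 reduceAmount) external returns (uint256) {
        if (msg.sender != reserveAdmin) return 1;        // UNAUTHORIZED
        if (reduceAmount > totalReserves) return 2;      // BAD_INPUT: would touch principal
        if (underlying.balanceOf(address(this)) < reduceAmount) return 3; // TOKEN_INSUFFICIENT_CASH
        totalReserves -= reduceAmount;
        require(underlying.transfer(reserveAdmin, reduceAmount), "TRANSFER_FAILED");
        return 0;                                        // NO_ERROR
    }
}

// Minimal queue-then-execute timelock. When this contract is the reserveAdmin,
// every reserve withdrawal is visible on-chain for at least `delay` before it lands,
// and the withdrawn tokens arrive here, not at an EOA.
contract MinimalTimelock {
    address public immutable governor;
    uint256 public immutable delay;
    mapping(bytes32 => uint256) public eta; // 0 = not queued

    constructor(address _governor, uint256 _delay) {
        governor = _governor;
        delay = _delay;
    }

    function _id(address target, bytes calldata data, uint256 salt) internal pure returns (bytes32) {
        return keccak256(abi.encode(target, data, salt));
    }

    function queue(address target, bytes calldata data, uint256 salt) external returns (bytes32 id) {
        require(msg.sender == governor, "NOT_GOVERNOR");
        id = _id(target, data, salt);
        require(eta[id] == 0, "ALREADY_QUEUED");
        eta[id] = block.timestamp + delay;
    }

    function execute(address target, bytes calldata data, uint256 salt) external returns (bytes memory) {
        require(msg.sender == governor, "NOT_GOVERNOR");
        bytes32 id = _id(target, data, salt);
        require(eta[id] != 0 && block.timestamp >= eta[id], "NOT_READY");
        delete eta[id];
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "CALL_REVERTED");
        return ret;
    }
}
```

The check a reviewer actually wants is therefore two reads, not one: `reserveAdmin()` on each jToken must equal the Timelock address, and that Timelock's `delay()` must be non-zero. If `reserveAdmin` is an EOA or a multisig without a delay, `_reduceReserves` is exactly the delay-free withdrawal this factor is about, bounded only by `totalReserves`.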
Sources #
- GitHub: JustLend CToken.sol — `_reduceReserves` and `reserveAdmin`. Note: CToken.sol `_reduceReserves()` — `if (msg.sender != reserveAdmin) return fail(Error.UNAUTHORIZED)`; `doTransferOut(reserveAdmin, reduceAmount)`. Extracts accrued reserves to the reserveAdmin address. Retrieved 2026-05-17.
- JustLend SlowMist sTRX Security Audit: SlowMist sTRX audit finding (via web search): 'Admin can set address of rentalRateModels... Admin can set reserveAdmin... ReserveAdmin can call claimReserves and reservePayBadDebt functions at will. Project team: ReserveAdmin would be transferred to governance and timelock.' Retrieved 2026-05-17.
Methodology #
Determine whether a `rescue(…)` or `emergencyWithdraw(…)` function exists callable by admin without a timelock delay on execution.
See the full factor methodology and distribution across all protocols →