defirisk.co
rubric v1.7.0

Security-Council threshold reduction (RT)

Kamino Lend's assessment for RD-F-182 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Signal not firing today but posture is elevated: Squads multisig threshold is 'less than 4 signers' per Exponential.fi — already below peer-norm. Drift Protocol April 2026 ($285M DPRK exploit) was preceded by exactly this signal class (3/5->2/5 threshold reduction + timelock removal 6 days before exploit). Kamino uses identical Squads multisig architecture. Curator must verify current threshold via on-chain read.

Detail #

RD-F-182 (batch-24): Security-Council threshold reduction event detection. Kamino's upgrade authority is a Squads multisig with 'less than 4 signers' per Exponential.fi. The exact threshold (k-of-N) is unconfirmed — requires on-chain read via Squads program. No threshold reduction event detected from public sources. However: (1) Drift Protocol April 2026 exploit was DPRK-attributed and preceded by a 3/5→2/5 SC change + timelock removal, 6 days before $285M drain. (2) Kamino uses the same Squads multisig architecture on Solana. (3) Exponential.fi reports 'less than 4 signers' — if threshold is 2-of-3, protocol is already at a configuration comparable to Drift pre-exploit. Yellow reflects structural analog risk, not a confirmed firing.

Sources #

Methodology #

Detect in real-time whether the bridge/protocol Security Council multisig executes a threshold reduction (e.g. 3/5 → 2/5), timelock removal, or new-signer addition within ≤14 days of either of those events.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kamino-lend factor RD-F-182 score yellow collected_at 2026-04-30 21:19:16