defirisk.co
rubric v1.7.0

Admin = deployer EOA after 7 days

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-043 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No admin key held by deployer EOA for any core contract post-setup. v1 deployer (0xa850535) has no ongoing authority — setAddresses() was a one-time bootstrap that transferred addresses and granted no ongoing admin power. v2 BoldToken owner renounced via _renounceOwnership(). v2 Governance owner renounced after registerInitialInitiatives(). No deployer-EOA admin key persists beyond the initial setup window.

Sources #

  • Etherscan
    Liquity Deployer — Etherscanv1 Deployer 0xa850535D3628CD4dFEB528dC85cfA93051Ff2984 labeled 'Liquity: Deployer' — no ongoing authority visible in recent tx historyretrieved 2026-05-16
  • GitHub
    BoldToken.sol — Liquity bold GitHubBoldToken.sol: _renounceOwnership() called post-init; Governance.sol: owner renounced after registerInitialInitiatives()retrieved 2026-05-16

Methodology #

Determine whether, at t = deploy+7d, the admin address still equals the deployer EOA with no evidence of transfer to a multisig.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-043 score not_applicable collected_at 2026-05-16 10:35:50