defirisk.co
rubric v1.7.0

Admin EOA signing from new geography/device

Lombard Finance's assessment for RD-F-107 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Admin EOA signing from new geography/device | Applicable: Yes in principle | Off-chain signing telemetry not available (requires team opt-in; practically always gray). Consortium uses CubeSigner HSMs (positive architectural mitigant: signing physically constrained to hardware). Deployer EOA and 3-of-5 Safe use standard EOA signing. v2-deferred. Not assessable without telemetry.

Sources

  • Curator note
    Off-chain telemetry requires team opt-in; not available for public assessment; CubeSigner HSM partially mitigates for Consortium operations
    Retrieved 2026-05-05

Methodology

Detect whether an admin/upgrader EOA signs from a geography or device fingerprint inconsistent with prior signing history.


rubric_version v1.7.0 protocol lombard factor RD-F-107 score gray collected_at 2026-05-05 12:03:08