Timelock on sensitive actions

Maple Finance's assessment for RD-F-033 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Upgrade and oracle/fee config timelocked via GovernorTimelock. Pause (setProtocolPause) callable by securityAdmin (3-of-6) without timelock — deliberate emergency design. 3-of-5 action types timelocked.

Sources #

Etherscan
https://etherscan.io/address/0x9BeAbb1B6f3Ad1ddb87B65148Ba5Eb6102334956#coderetrieved 2026-04-27
Docs
https://docs.maple.finance/technical-resources/security/securityretrieved 2026-04-27

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol maple-finance factor RD-F-033 score yellow collected_at 2026-04-27 05:38:08