★ Sudden admin-rescue/ACL change without discussion
Maple Finance's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
GovernorTimelock deployed September 2025 with new admin topology (DAO multisig proposer, operationalAdmin executor, securityAdmin canceller). Audits (0xMacro + Sherlock) completed. No corresponding MIP or governance forum proposal identified for this structural ACL change. Governance discussion gap is the yellow driver.
Detail #
The GovernorTimelock (0x2eFFf88747...) was deployed ~216 days before assessment date (September 2025) and introduces a new privilege topology. 0xMacro and Sherlock audit reports exist (published in maple-core-v2 /audits/2025-sept-governor-timelock/). However, the governance proposals list (MIP-005 through MIP-020) shows only tokenomics/fee/buyback proposals — no MIP announcing the timelock, who holds the securityAdmin/operationalAdmin roles, or when these designations were made. The forum's Proposal section (33 topics), Discussion section (16 topics), and Transparency & Accountability section (15 topics) were not fully searchable. Scored yellow (not red) because: (a) engineering audits were completed and published; (b) the deploy was not a unilateral hot-patch; (c) no evidence of a Drift-Protocol-style silent threshold downgrade or ACL weakening. The governance-forum discussion gap is a transparency deficit, not a confirmed insider-implant signal.
Sources #
- URL
- Maple Finance GovernorTimelock Audit ReportsGovernorTimelock audits — 0xMacro + Sherlock (Sept 2025)retrieved 2026-04-27
Methodology #
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.
See the full factor methodology and distribution across all protocols →