defirisk.co
rubric v1.7.0

Timelock on sensitive actions

Meteora's assessment for RD-F-033 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No on-chain timelock on any sensitive action (upgrade, pool disable, config change). All gated by Squads v3 multisig threshold only, with immediate execution after threshold approval. DBC set_pool_status (enable/disable pools) callable by admin without on-chain delay. DLMM config changes and DAMM v2 admin actions similarly untimelocked. Squads v3 structural constraint — no time_lock field.

Sources #

  • GitHub
    DAMM v2 GitHub — Admin FunctionsMeteoraAg/damm-v2 README — set_pool_status, create_config admin functions listedretrieved 2026-05-16
  • Internal
    Solana Governance Verification MethodologySOLANA_GOVERNANCE.md — no time_lock in Squads v3; confirmed across all v3 protocolsretrieved 2026-05-16

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meteora factor RD-F-033 score red collected_at 2026-05-16 10:03:05