defirisk.co
rubric v1.7.0

Role separation: upgrade ≠ fee ≠ oracle

mETH Protocol's assessment for RD-F-035 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Staking.sol defines 6 distinct roles: STAKING_MANAGER_ROLE (parameters), ALLOCATOR_SERVICE_ROLE (fund allocation), INITIATOR_SERVICE_ROLE (validator init), STAKING_ALLOWLIST_MANAGER_ROLE, TOP_UP_ROLE, and DEFAULT_ADMIN_ROLE. Upgrades are routed through TimelockController (Security Council). The oracle is read-only. METH.sol adds MINTER_ROLE and BURNER_ROLE. Role functions are distinct.

Sources

  • GitHub
    mETH Protocol Staking.sol source (GitHub). Staking.sol source: defines STAKING_MANAGER_ROLE, ALLOCATOR_SERVICE_ROLE, INITIATOR_SERVICE_ROLE, STAKING_ALLOWLIST_MANAGER_ROLE, TOP_UP_ROLE, DEFAULT_ADMIN_ROLE as distinct role bytes32 constants. Retrieved 2026-05-16.
  • GitHub
    mETH Protocol METH.sol source (GitHub). METH.sol source: defines MINTER_ROLE and BURNER_ROLE distinct from admin. Retrieved 2026-05-16.

Methodology

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.


rubric_version: v1.7.0
protocol: meth-protocol
factor: RD-F-035
score: green
collected_at: 2026-05-16 02:17:50