Guardian/pause-keeper distinct from upgrader
Midas's assessment for RD-F-034 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
The pauser role (M_TBILL_PAUSE_OPERATOR_ROLE) and the upgrade role (ProxyAdmin owner EOA 0x875c06A2) are architecturally distinct, and roles are assigned separately via MidasAccessControl. However, the DEFAULT_ADMIN_ROLE holder can grant any role, including pause and upgrade, so effective separation depends on whether the same address holds DEFAULT_ADMIN_ROLE and both roles. The specific pause-role holder address is not confirmed from public data. Yellow: the roles are architecturally distinct but collapsible via DEFAULT_ADMIN_ROLE.
Sources
- GitHub: mTBILL.sol — role definitions. mTBILL.sol: pause() onlyRole(M_TBILL_PAUSE_OPERATOR_ROLE); ProxyAdmin separate from pause role. Retrieved 2026-05-16.
- MidasAccessControl.sol — role hierarchy. MidasAccessControl.sol: DEFAULT_ADMIN_ROLE can grant all roles to any address. Retrieved 2026-05-16.
Methodology
Determine whether a pauser/guardian role exists and is held by an address distinct from the upgrader address.
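One way to carry out this check, as an added example that is not part of the assessment or of Midas's code: replay role grant and revoke events to get the current holders, then compare them with the upgrader address. It assumes MidasAccessControl emits OpenZeppelin-style RoleGranted/RoleRevoked events; the addresses, the event list and the result labels are constructed for illustration and are not the rubric's scores.

```python
from dataclasses import dataclass

ADMIN = "DEFAULT_ADMIN_ROLE"
PAUSER = "M_TBILL_PAUSE_OPERATOR_ROLE"

@dataclass(frozen=True)
class RoleEvent:
    kind: str     # "RoleGranted" or "RoleRevoked" (assumed OpenZeppelin-style events)
    role: str     # role name; on-chain this is a bytes32 role id
    account: str

def current_holders(events):
    """Replay events in log order and return {role: set of lowercased addresses}."""
    holders = {}
    for ev in events:
        members = holders.setdefault(ev.role, set())
        if ev.kind == "RoleGranted":
            members.add(ev.account.lower())
        elif ev.kind == "RoleRevoked":
            members.discard(ev.account.lower())
        else:
            raise ValueError(f"unexpected event kind: {ev.kind}")
    return holders

def assess_separation(events, upgrader):
    """Return a label (hypothetical, not the rubric's colours) for pauser/upgrader separation."""
    holders = current_holders(events)
    pausers = holders.get(PAUSER, set())
    admins = holders.get(ADMIN, set())
    up = upgrader.lower()
    if not pausers:
        return "no-pauser"
    if up in pausers:
        return "collapsed"       # one address can both pause and upgrade today
    if admins & (pausers | {up}):
        return "admin-overlap"   # a role holder is also admin and can grant itself more
    return "distinct"

# Constructed sample data: none of these addresses come from the assessment.
ADMIN_ADDR, PAUSER_ADDR, UPGRADER = ("0x" + b * 20 for b in ("ad", "bc", "ef"))
SAMPLE_EVENTS = [
    RoleEvent("RoleGranted", ADMIN, ADMIN_ADDR),
    RoleEvent("RoleGranted", PAUSER, UPGRADER),     # temporary grant at setup
    RoleEvent("RoleGranted", PAUSER, PAUSER_ADDR),
    RoleEvent("RoleRevoked", PAUSER, UPGRADER),     # later cleaned up
]

if __name__ == "__main__":
    print(assess_separation(SAMPLE_EVENTS, UPGRADER))
```

A "distinct" result describes current holders only; the DEFAULT_ADMIN_ROLE holder can still change them, which is the reason given above for the yellow score.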