defirisk.co
rubric v1.7.0

Security-Council threshold reduction (RT)

Ondo Finance's assessment for RD-F-182 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Applicable — management multisig is Ondo's equivalent of a "Security Council." A 4/7 → 3/7 threshold reduction or new-signer addition would fire this signal. Flux Finance timelock (1-day, at `0x2c5898da4DF1d45EAb2B7B192a361C3b9EB18d9c`) removal or shortening would also qualify. Context: Drift Protocol DPRK attack (April 2026) used SC threshold reduction 6 days before exploit — identical pattern to what this signal detects.

Sources #

  • Curator note
    Extracted from 06-realtime-intel.md — RD-F-182 finding; no URL cited in originalretrieved 2026-04-28

Methodology #

Detect in real-time whether the bridge/protocol Security Council multisig executes a threshold reduction (e.g. 3/5 → 2/5), timelock removal, or new-signer addition within ≤14 days of either of those events.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ondo-finance factor RD-F-182 score gray collected_at 2026-05-14 12:01:55