defirisk.co
rubric v1.7.0

Timelock on sensitive actions

Orca's assessment for RD-F-033 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Upgrade: timelocked (24h Squads v4). Fee authority changes: routed through same Squads multisig (timelocked). Config authority changes: same multisig (timelocked). Collect_protocol_fees_authority: held by team; no independent verification that this specific role requires Squads multisig execution (fee collection is not a drain path since LP funds are not extractable this way). Pause: no global pause function exists — N/A. 3-4 of relevant action types timelocked = yellow.

Sources #

  • Internal
    Data cache — timelock on upgrade path confirmedcache sources.solana_multisigs[0]: verified_time_lock_seconds=86400 applies to upgrade authorityretrieved 2026-05-16
  • GitHub
    Whirlpool program lib.rs (Anchor/Rust — confirms non-EVM substrate)https://github.com/orca-so/whirlpools/blob/main/programs/whirlpool/src/lib.rsretrieved 2026-05-16

Methodology #

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol orca factor RD-F-033 score yellow collected_at 2026-05-16 02:39:16