★ Single admin EOA
Pendle Finance's assessment for RD-F-027 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
[★ CRITICAL] ProxyAdmin contract (0xA28c08f165116587D4F3E708743B4dEe155c5E64) owner is the Pendle Deployer 1 EOA (0x1FcCC097db89A86Bfc474A1028F93958295b1Fb7). This single EOA can upgrade all transparent proxies — including the governance proxy — in one transaction with no timelock. EOA was active as of 2026-04-27.
Sources
- Pendle Deployer 1 EOA — Etherscan. Deployer 1 EOA 0x1FcCC097db89A86Bfc474A1028F93958295b1Fb7 — active tx 2026-04-27 to Governance Safe (retrieved 2026-04-29)
- Pendle ProxyAdmin — Etherscan. ProxyAdmin 0xA28c08f165116587D4F3E708743B4dEe155c5E64 — creator / owner is Pendle Deployer 1 EOA (retrieved 2026-04-29)
- https://docs.pendle.finance/pendle-v2/Security (retrieved 2026-05-06)
Methodology
Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.
- rubric_version: v1.7.0
- protocol: pendle
- factor: RD-F-027
- score: red
- collected_at: 2026-04-28 21:09:40