★ Sudden admin-rescue/ACL change without discussion

Polymarket's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V1→V2 migration included deployment of CTF Exchange V2 (deployed 2026-03-31, live 2026-04-28) with new admin/operator role assignments. Macro upgrade announced 2026-04-07 (~21 days before go-live) with dual audit (Quantstamp + Cantina, March 2026). However: (1) no public governance forum exists; (2) admin/operator addresses for V2 are not publicly disclosed; (3) V2 contract was on-chain 4 weeks before public announcement; (4) all ACL changes are insider-only by design in Polymarket's centralized model. Upgrade was publicly pre-announced (mitigating); insider-only role assignment with zero public discussion is a structural gap. Not red: 3-week notice and dual audit coverage; no evidence of surprise or concealed change.

Sources #

URL
Polymarket Exchange Upgrade: April 28, 2026 — Help CenterPolymarket Help Center upgrade articleretrieved 2026-04-29
GitHub
Polymarket/ctf-exchange GitHub IssuesCTF Exchange issues — no admin-discussion issue foundretrieved 2026-04-29
Etherscan
Polymarket CTF Exchange V2 | PolygonScanCTF Exchange V2 on Polygonscan — deployed 2026-03-31retrieved 2026-04-29
URL
Polymarket Announces CTF Exchange V2 — CryptoTimes 2026-04-07Polymarket V2 announcement April 6 2026retrieved 2026-04-29

Methodology #

Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or governance forum.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-123 score yellow collected_at 2026-04-29 16:25:39