defirisk.co
rubric v1.7.0

Admin EOA signing from new geography/device

Raydium's assessment for RD-F-107 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Cat 6B signal (v1-deferred). Raydium's admin functions are handled by a Squads V4 multisig with air-gapped cold devices (network cards physically removed). Individual signer EOA addresses are not publicly enumerated. Because the cold devices are offline, signing events are not associated with network-based geography signals. The signal requires off-chain signing telemetry that is not available through public on-chain data. The signal architecture assumes a single admin EOA signing from a network-connected device, which is not applicable to Raydium's air-gapped Squads V4 multisig model.

Sources

  • Docs
    Raydium Protocol Security Documentation
    Raydium security docs: cold devices have network cards physically removed; never connected to any networked device except hardware wallet; TOTP + physical hardware key authentication
    retrieved 2026-04-29

Methodology

Detect whether an admin/upgrader EOA signs from a geography or device fingerprint inconsistent with prior signing history.


rubric_version: v1.7.0
protocol: raydium
factor: RD-F-107
score: not_assessed
collected_at: 2026-04-29 12:31:55