defirisk.co
rubric v1.7.0

Timelock on sensitive actions

Rocket Pool's assessment for RD-F-033 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

pDAO settings changes (3+ action types) go through a 2-week governance delay. However: (1) the Security Council can pause deposits, minipool creation, and RPL price updates without a timelock; (2) guardian bootstrap functions (modify settings, spend treasury) have NO timelock; (3) the explicit upgrade delay applies only to contract upgrades, not to all sensitive actions. 3 of 5 action types are adequately timelocked; the pause and bootstrap-settings paths are not.

Methodology

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.

rubric_version: v1.7.0
protocol: rocket-pool
factor: RD-F-033
score: yellow
collected_at: 2026-05-04 15:40:28