★ Single admin EOA
Sanctum's assessment for RD-F-027 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No single EOA holds upgrade authority. Profile §3 confirms that the upgrade authority for Infinity is the Sanctum Multisig (a Squads vault PDA). The four CLOUD supply distribution multisigs (Team Cold, Community Cold, Team Ops, Community Ops) are confirmed 4-of-7 per the official $CLOUD Genesis Mint and Accountability blog: each multisig has 7 signers, including 3 named Independent Ecosystem Signers (Stepan/Squads, Robert/Neodyme, Soju/Jupiter), and a 4-signer threshold. The program upgrade multisig threshold for Infinity/Router/Unstake is reported by third-party sources as 5-of-8 Squads V3 (SolanaCompass) or 6-of-10 (SolanaFloor's Infinity V2 announcement). The exact M/N for the upgrade authority is unresolved across public sources, but neither candidate is an EOA. Solana's BPFLoaderUpgradeable model requires explicit upgrade authority assignment at deploy time; that authority is confirmed as a multisig, not an EOA.
Sources
- Docs: Exploring Sanctum On-Chain: A Deep Dive with SolanaFM. Profile §3: upgrade authority = Sanctum Multisig for Infinity Program. Retrieved 2026-05-04.
- Sanctum on Solana: Project Review, Programs, Token, Metrics. Search result: Sanctum programs controlled by 5-of-8 Squads V3 multi-sig with core team, validators, and DeFi founders. Retrieved 2026-05-04.
- https://learn.sanctum.so/blog/usdcloud-genesis-mint-and-accountability (retrieved 2026-05-06)
Methodology
Determine whether the effective upgrade/owner/rescue role is held by a single EOA (not a multisig) with no timelock on sensitive operations.