Hot-wallet signer flag

Sanctum's assessment for RD-F-030 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Signer addresses for program upgrade multisig not publicly disclosed. Cannot assess on-chain signing behavior. Three named external signers are from credible organizations (Squads, Neodyme, Jupiter), suggesting non-hot-wallet patterns, but on-chain confirmation is impossible without addresses.

Sources #

URL
$CLOUD Genesis Mint — signer names without addressesProfile §6: signer addresses not publicly enumerated; factor not assessableretrieved 2026-05-04

Methodology #

Determine whether ≥1 multisig signer address exhibits on-chain behavior consistent with a hot wallet (web-wallet signing pattern, no hardware signing indicators).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sanctum factor RD-F-030 score gray collected_at 2026-05-04 18:49:23