defirisk.co
rubric v1.7.0

Timelock on sensitive actions

Sanctum's assessment for RD-F-033 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

No confirmed timelock on any action category: program upgrades (Squads multisig only), CLOUD supply changes (4-of-7 multisig), pool parameter changes (SPL stake pool manager = same multisig). Futarchy vote window provides de facto delay for community-governed decisions but does not constrain multisig execution. No TimelockController equivalent identified.

Sources

Methodology

For each sensitive action category (mint / pause / rescue / setOracle / upgrade), determine whether execution requires going through the declared timelock.


rubric_version: v1.7.0, protocol: sanctum, factor: RD-F-033, score: red, collected_at: 2026-05-04 18:49:23