★ Sudden admin-rescue/ACL change without discussion
Sanctum's assessment for RD-F-123 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Sanctum's upgrade authority for core programs is described as a Squads multisig (4-of-7 for the CLOUD supply layer; 11-member for LST programs, per profile §6). The Infinity V2 launch (March 2026) was publicly announced, with prior blog announcements and an active governance forum at research.sanctum.so. No affirmative incident of a sudden, unilateral on-chain upgrade authority change without community discussion was identified. However, the specific on-chain Squads multisig addresses for core program upgrade authority (Unstake, Router, Infinity) are NOT_RESOLVED per the profile, a governance-admin-analyst gap. Without confirming that the upgrade authority is definitively the named multisig and not a residual EOA, green cannot be assigned. The yellow score comes from this enumeration gap, not from an affirmative red signal.
Sources
- CLOUD: The Sanctum Governance Token — multisig structure; Sanctum CLOUD governance token blog (4-of-7 threshold); retrieved 2026-05-04
- Sanctum Launches Infinity V2 — publicly announced upgrade; Sanctum Infinity V2 launch blog; retrieved 2026-05-04
- 00-profile.md §6: upgrade_multisig_cloud: NOT_RESOLVED; upgrade_multisig_lst_programs: NOT_RESOLVED; Profile §6 — governance topology; retrieved 2026-05-04
Methodology
Determine whether any admin-rescue function or ACL change was committed to the repo or executed on-chain without corresponding public discussion in issues, PRs, or the governance forum.