Upgrade multisig signer configuration (M/N)

Save (formerly Solend)'s assessment for RD-F-026 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Program upgrade path: 1/1 (single EOA, no multisig). Treasury Squads v3 multisig BRtRjAsgRgQ7vrw4riyrueiqotwH9VaKjQ1vYrNo7YLB: threshold 4/6 (funds only). LM Squads v4 multisig AfLPTjX5Z8QkeHBqago1GiYmj3Uz6b1hiWUmoNMMQhdp: threshold 2/4, time_lock_seconds=null (funds only). Neither Squads multisig controls program upgrades. Operative upgrade M/N = 1/1.

Sources #

Internal
Save profile — multisig scope (funds only, not upgrades).research/protocols/save/00-profile.md §6 governance topology — multisig scope clarificationretrieved 2026-05-17
Internal
Save data cache — Squads multisig verification.research/protocols/save/00-data-cache.json solana_multisigs[1] treasury (trace sig yGHQUjgkcR94iwCiMzUDgVidnJTNifJYWzVjnosfYDxRm5MXd5vWhCQDdxJg6S3xjaNkYnNeVHP5wwCzsvb9Ufc) and solana_multisigs[2] LM (trace sig yC5opWtg5s4YTEJBpyXcGPMGyJi9TGzUi5JEaBbvmXGsg8onvSeYfQ8Rh7c97eQpfzxYnX9JaKgNYauGMH7sWdN)retrieved 2026-05-17

Methodology #

Read `threshold` and `getOwners()` on the multisig controlling upgrade / sensitive ops. Store as `required` (M) and `total` (N); render as "M/N". For EOA admins record `required=1, total=1` (display "1/1"). Null when admin is immutable or full DAO with no fixed signer set.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-026 score red collected_at 2026-05-17 15:20:15