★ Low-threshold multisig vs TVL

Spiko's assessment for RD-F-028 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[CRITICAL] 2-of-5 Safe threshold at $1.22B TVS. Peer norm for >$1B TVL is 5-of-8 or higher. Compromise of any 2 of 5 signers (all unidentified publicly) enables immediate contract upgrade with no timelock delay. Arbitrum STEP-2 application confirms Safe but discloses no address, threshold, or signers. Governance opacity compounds the low-threshold risk.

Sources #

URL
Spiko DeFiLlama TVLDeFiLlama TVL ~$1.22B confirming TVL band for peer-cohort comparisonretrieved 2026-05-16
URL
Spiko super-admin Safe API responseSafe API: threshold=2, owners=5 at 0xEBB418e1f8E8F26BdF7816A2cD25bE87c040E425retrieved 2026-05-16
Governance
Spiko USTBL Arbitrum STEP-2 applicationArbitrum STEP-2 application: super-admin is a multisig using Safe but no address or threshold disclosedretrieved 2026-05-16

Methodology #

Determine whether the multisig threshold is abnormally low relative to TVL peer cohort (e.g., 2-of-3 for a protocol with >$100M TVL where peer norm is 5-of-8).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol spiko factor RD-F-028 score red collected_at 2026-05-15 22:52:13