defirisk.co
rubric v1.7.0

Rescue/emergencyWithdraw without timelock

Stake DAO's assessment for RD-F-041 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Timelock source has no rescue/emergencyWithdraw function. LlamaRisk notes multisig has 'elevated rights' that could 'rug users', implying some direct action path. Full enumeration of rescue functions across all core contracts (CurveYCRVVoter, sdCRV, strategy contracts) not completed in this pass. Yellow pending code-security-analyst full source scan.

Sources #

  • URL
    LlamaRisk Asset Risk AssessmentLlamaRisk: 'StakeDAO 4-of-7 multisig has the ability to rug its users' — implies direct-action path existsretrieved 2026-05-16
  • Etherscan
    Stake DAO TimelockTimelock source: no rescue/emergency/sweep functions found in timelock contractretrieved 2026-05-16

Methodology #

Determine whether a `rescue(…)` or `emergencyWithdraw(…)` function exists callable by admin without a timelock delay on execution.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-041 score yellow collected_at 2026-05-16 12:29:20